EP3800927A1 - Method for providing restricted service and communication device - Google Patents
Method for providing restricted service and communication device Download PDFInfo
- Publication number
- EP3800927A1 EP3800927A1 EP19819529.9A EP19819529A EP3800927A1 EP 3800927 A1 EP3800927 A1 EP 3800927A1 EP 19819529 A EP19819529 A EP 19819529A EP 3800927 A1 EP3800927 A1 EP 3800927A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- terminal
- restricted service
- service policy
- data flow
- identifier
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000004891 communication Methods 0.000 title claims abstract description 368
- 238000000034 method Methods 0.000 title claims abstract description 209
- 230000002159 abnormal effect Effects 0.000 claims abstract description 59
- 238000007726 management method Methods 0.000 claims description 43
- 238000012517 data analytics Methods 0.000 claims description 9
- 238000013523 data management Methods 0.000 claims description 7
- 230000006870 function Effects 0.000 description 62
- 238000012545 processing Methods 0.000 description 37
- 238000004590 computer program Methods 0.000 description 31
- 230000004044 response Effects 0.000 description 27
- 230000005540 biological transmission Effects 0.000 description 14
- 238000010295 mobile communication Methods 0.000 description 14
- 230000008569 process Effects 0.000 description 14
- 238000005516 engineering process Methods 0.000 description 12
- 238000010586 diagram Methods 0.000 description 10
- 230000000694 effects Effects 0.000 description 8
- 238000012986 modification Methods 0.000 description 8
- 230000004048 modification Effects 0.000 description 8
- 230000009471 action Effects 0.000 description 6
- 238000012423 maintenance Methods 0.000 description 5
- 238000013507 mapping Methods 0.000 description 4
- 230000003287 optical effect Effects 0.000 description 4
- 230000011664 signaling Effects 0.000 description 4
- 230000005856 abnormality Effects 0.000 description 3
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 239000003795 chemical substances by application Substances 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 230000000977 initiatory effect Effects 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 230000002093 peripheral effect Effects 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 101150119040 Nsmf gene Proteins 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 238000013475 authorization Methods 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 239000000470 constituent Substances 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000000802 evaporation-induced self-assembly Methods 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- XLYOFNOQVPJJNP-UHFFFAOYSA-N water Substances O XLYOFNOQVPJJNP-UHFFFAOYSA-N 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0893—Assignment of logical groups to network elements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- G—PHYSICS
- G16—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
- G16Y—INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
- G16Y30/00—IoT infrastructure
- G16Y30/10—Security thereof
-
- G—PHYSICS
- G16—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
- G16Y—INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
- G16Y40/00—IoT characterised by the purpose of the information processing
- G16Y40/50—Safety; Security of things, users, data or systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/20—Traffic policing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0894—Policy-based network configuration management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W24/00—Supervisory, monitoring or testing arrangements
- H04W24/04—Arrangements for maintaining operational condition
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/14—Backbone network devices
Definitions
- Embodiments of this application relate to the communications field, and in particular, to a method for providing a restricted service, and a communications device.
- IoT internet of things
- IoT devices to connect to the Internet by using an information sensing device and exchange information, to achieve intelligent identification and management of the IoT devices.
- IoT devices such as a smart water meter and a lock of a shared bicycle are basically simple devices, and have comparatively simple functions and security risks.
- the IoT devices are vulnerable to hacker attacks, hijacking, and abuse, and therefore an abnormality occurs.
- a deregistration method is used for an abnormal IoT device, so that a network side deletes a registration management context and a protocol data unit (protocol data unit, PDU) session of the IoT device, to effectively reduce security risks.
- PDU protocol data unit
- Embodiments of this application provide a method for providing a restricted service, and a communications device, to effectively reduce security risks and improve management efficiency of an IoT device when the IoT device is abnormal.
- an embodiment of this application provides a method for providing a restricted service, where the method may include: receiving, by a PCF, an identifier of a terminal and indication information, where the indication information is used to indicate that the terminal is in a state of exception or indicate an exception type of the terminal; and sending, by the PCF, the identifier of the terminal and a first restricted service policy according to the indication information, where the first restricted service policy is used to provide a restricted service for the terminal.
- the PCF after receiving the identifier of the terminal and the indication information used to indicate that the terminal is in the state of exception or indicate the exception type of the terminal, the PCF sends, according to the indication information, the identifier of the terminal and the first restricted service policy used to provide the restricted service for the terminal, to provide the restricted service for the terminal, instead of directly deregistering the terminal when the terminal is abnormal. This effectively reduces security risks and improves management efficiency of the terminal.
- the restricted service includes any one of the following: stopping an uplink data flow; restricting a downlink data flow; and stopping an uplink data flow and restricting a downlink data flow. In this way, a more accurate restricted service can be provided for the terminal.
- the sending, by the PCF, the identifier of the terminal and a first restricted service policy may specifically include: sending, by the PCF, the identifier of the terminal and the first restricted service policy to an SMF.
- the restricted service may include: stopping an uplink data flow; and the sending, by the PCF, the identifier of the terminal and a first restricted service policy may specifically include: sending, by the PCF, the identifier of the terminal and the first restricted service policy to an AMF.
- the receiving, by a policy control function PCF, an identifier of a terminal and indication information may specifically include: receiving, by the PCF, the identifier of the terminal and the indication information from an NWDAF, an AF, or the SMF.
- an embodiment of this application provides a method for providing a restricted service, where the method may include: receiving, by an SMF, an identifier of a terminal and a first restricted service policy; and when the first restricted service policy is used to stop an uplink data flow of the terminal, sending, by the SMF, a second restricted service policy to the terminal, where the second restricted service policy is used to stop the uplink data flow of the terminal; or when the first restricted service policy is used to stop an uplink data flow of the terminal, sending, by the SMF, an identifier of the terminal and a third restricted service policy to an access network device, where the third restricted service policy is used to stop the uplink data flow of the terminal; or when the first restricted service policy is used to restrict a downlink data flow of the terminal, sending, by the SMF, an identifier of the terminal and a fourth restricted service policy to a user plane function UPF, where the fourth restricted service policy is used to restrict the downlink data flow of the terminal; or when the first restricted service policy is used to stop
- the SMF after receiving the identifier of the terminal and the first restricted service policy used to provide a restricted service for the terminal, the SMF sends, according to the first restricted service policy, a restricted service policy corresponding to a communications device to the communications device, so that the communications device can provide the restricted service for the terminal, instead of directly deregistering the terminal when the terminal is abnormal. This effectively reduces security risks and improves management efficiency of the terminal.
- the second restricted service policy may include a quality of service QoS rule, and the QoS rule is used to stop an uplink data flow; or the third restricted service policy may include a QoS configuration file, and the QoS configuration file is used to stop an uplink data flow; or the fourth restricted service policy may include QoS information, and the QoS information is used to restrict a downlink data flow.
- the receiving, by a session management function SMF, an identifier of a terminal and a first restricted service policy may specifically include: receiving, by the SMF, the identifier of the terminal and the first restricted service policy from a PCF, a UDM, or an AMF.
- the method before the receiving, by the SMF, the identifier of the terminal and the first restricted service policy from a PCF, the method may further include: receiving, by the SMF, the identifier of the terminal and indication information from the AMF, where the indication information is used to indicate that the terminal is in a state of exception or an exception type of the terminal; and sending, by the SMF, the identifier of the terminal and the indication information to the PCF.
- an embodiment of this application provides a method for providing a restricted service, where the method may include: receiving, by an AMF, an identifier of a terminal and a first restricted service policy from a PCF, where the first restricted service policy is used to provide a restricted service for the terminal; and sending, by the AMF, a second restricted service policy to the terminal according to the first restricted service policy, where the second restricted service policy is used to stop an uplink data flow of the terminal; or sending, by the AMF, the identifier of the terminal and a third restricted service policy to an access network device according to the first restricted service policy, where the third restricted service policy is used to stop an uplink data flow of the terminal.
- the AMF after receiving the identifier of the terminal and the first restricted service policy used to provide the restricted service for the terminal, the AMF sends, according to the first restricted service policy, a restricted service policy corresponding to a communications device to the communications device, so that the communications device can provide the restricted service for the terminal, instead of directly deregistering the terminal when the terminal is in a state of exception. This effectively reduces security risks and improves management efficiency of the terminal.
- the second restricted service policy may include indication information, and the indication information is used to instruct to update or modify a threshold value of a URSP of the terminal to a first value, and the first value is used to stop an uplink data flow; or the third restricted service policy may include a quality of service QoS configuration file, and the QoS configuration file is used to stop an uplink data flow.
- an embodiment of this application provides a method for providing a restricted service, where the method may include: determining, by a first network element, that a terminal is in a state of exception; and sending, by the first network element, an identifier of the terminal and indication information to a PCF, where the indication information is used to indicate that the terminal is in the state of exception or indicate an exception type of the terminal.
- the first network element when determining that the terminal is in the state of exception, the first network element sends the identifier of the terminal and the indication information used to indicate that the terminal is in the state of exception or indicate the exception type of the terminal to the PCF, so that the PCF can send, according to the indication information, the identifier of the terminal and a first restricted service policy used to provide a restricted service for the terminal, to provide the restricted service for the terminal, instead of directly deregistering the terminal when the terminal is abnormal.
- the determining, by a first network element, that a terminal is in a state of exception may specifically include: determining, by the first network element based on traffic information of the terminal, that the terminal is in the state of exception, where the traffic information may include uplink traffic information and/or downlink traffic information.
- the exception type includes any one of the following: abnormal uplink traffic; abnormal downlink traffic; and abnormal uplink traffic and abnormal downlink traffic. In this way, a more accurate restricted service can be provided for the terminal based on the classified exception types.
- the first network element may be an NWDAF or an AF.
- an embodiment of this application provides a method for providing a restricted service, where the method may include: receiving, by a UDM, an identifier of a terminal and a first restricted service policy from an AF, where the first restricted service policy is used to provide a restricted service for the terminal; and sending, by the UDM, the identifier of the terminal and the first restricted service policy to an AMF or an SMF.
- the UDM after receiving the identifier of the terminal and the first restricted service policy used to provide the restricted service for the terminal, the UDM sends the identifier of the terminal and the first restricted service policy to the AMF or the SMF, to provide the restricted service for the terminal, instead of directly deregistering the terminal when the terminal is in a state of exception. This effectively reduces security risks and improves management efficiency of the terminal.
- the restricted service may include any one of the following: stopping an uplink data flow; restricting a downlink data flow; and stopping an uplink data flow and restricting a downlink data flow. In this way, a more accurate restricted service can be provided for the terminal.
- an embodiment of this application provides a method for providing a restricted service, where the method may include: determining, by an AF, that a terminal is in a state of exception and a restricted service policy corresponding to an exception, where the restricted service policy corresponding to the exception is used to provide a restricted service for the terminal; and sending, by the AF, the identifier of the terminal and the restricted service policy corresponding to the exception to a UDM.
- the AF when determining that the terminal is in the state of exception, the AF may determine the restricted service policy corresponding to the exception, and send the identifier of the terminal and the restricted service policy used to provide the restricted service for the terminal, so that a communications device can provide the restricted service for the terminal according to the restricted service policy, instead of directly deregistering the terminal when the terminal is abnormal. This effectively reduces security risks and improves management efficiency of the terminal.
- the determining, by an application function AF, that a terminal is in a state of exception may specifically include: determining, by the AF based on the traffic information of the terminal, that the terminal is in a state of exception, where the traffic information may include uplink traffic information and/or downlink traffic information.
- the restricted service includes any one of the following: stopping an uplink data flow; restricting a downlink data flow; and stopping an uplink data flow and restricting a downlink data flow. In this way, a more accurate restricted service can be provided for the terminal.
- an embodiment of this application provides a communications device, where the communications device may include: a receiving unit, configured to receive an identifier of a terminal and indication information, where the indication information is used to indicate that the terminal is in a state of exception or indicate an exception type of the terminal; and a sending unit, configured to send the identifier of the terminal and a first restricted service policy according to the indication information received by the receiving unit, where the first restricted service policy is used to provide a restricted service for the terminal.
- the restricted service may include any one of the following: stopping an uplink data flow; restricting a downlink data flow; and stopping an uplink data flow and restricting a downlink data flow.
- the sending unit may be specifically configured to: send the identifier of the terminal and the first restricted service policy to an SMF.
- the restricted service may include: stopping an uplink data flow; and the sending unit may be specifically configured to send the identifier of the terminal and the first restricted service policy to an AMF.
- the receiving unit may be specifically configured to receive the identifier of the terminal and the indication information from an NWDAF, an AF, or the SMF.
- an embodiment of this application provides a communications device, where the communications device may include: a receiving unit, configured to receive an identifier of a terminal and a first restricted service policy; and a sending unit, configured to: when the first restricted service policy received by the receiving unit is used to stop an uplink data flow of the terminal, send a second restricted service policy to the terminal, where the second restricted service policy is used to stop the uplink data flow of the terminal; or when the first restricted service policy received by the receiving unit is used to stop an uplink data flow of the terminal, send an identifier of the terminal and a third restricted service policy to an access network device, where the third restricted service policy is used to stop the uplink data flow of the terminal; or when the first restricted service policy received by the receiving unit is used to restrict a downlink data flow of the terminal, send an identifier of the terminal a fourth restricted service policy to a UPF, where the fourth restricted service policy is used to restrict the downlink data flow of the terminal; or when the first restricted service policy received by the receiving unit is used
- the second restricted service policy may include a quality of service QoS rule, and the QoS rule is used to stop an uplink data flow; or the third restricted service policy may include a QoS configuration file, and the QoS configuration file is used to stop an uplink data flow; or the fourth restricted service policy may include QoS information, and the QoS information is used to restrict a downlink data flow.
- the receiving unit may be specifically configured to: receive the identifier of the terminal and the first restricted service policy from a PCF, a UDM, or an AMF.
- the receiving unit may be further configured to receive the identifier of the terminal and indication information from the AMF, where the indication information is used to indicate that the terminal is in a state of exception or an exception type of the terminal; and the sending unit is further configured to send the identifier of the terminal and the indication information to the PCF.
- an embodiment of this application provides a communications device, where the communications device may include: a receiving unit, configured to receive an identifier of a terminal and a first restricted service policy from a PCF, where the first restricted service policy is used to provide a restricted service for the terminal; and a sending unit, configured to send a second restricted service policy to the terminal according to the first restricted service policy, where the second restricted service policy is used to stop an uplink data flow of the terminal; or send the identifier of the terminal and a third restricted service policy to an access network device according to the first restricted service policy, where the third restricted service policy is used to stop an uplink data flow of the terminal.
- the second restricted service policy may include indication information, and the indication information is used to instruct to update or modify a threshold value of a URSP of the terminal to a first value, and the first value is used to stop an uplink data flow; or the third restricted service policy may include a quality of service QoS configuration file, and the QoS configuration file is used to stop an uplink data flow.
- a communications device may include: a determining unit, configured to determine that a terminal is in a state of exception; and a sending unit, configured to send an identifier of the terminal and indication information to a PCF, where the indication information is used to indicate that the terminal is in the state of exception or indicate an exception type of the terminal.
- the determining unit may be specifically configured to determine, based on traffic information of the terminal, that the terminal is in the state of exception, where the traffic information may include uplink traffic information and/or downlink traffic information.
- the exception type may include any one of the following: abnormal uplink traffic; abnormal downlink traffic; and abnormal uplink traffic and abnormal downlink traffic.
- the communications device may be an NWDAF or an AF.
- a communications device configured to include: a receiving unit, configured to receive an identifier of a terminal and a first restricted service policy from an AF, where the first restricted service policy is used to provide a restricted service for the terminal; and a sending unit, configured to send the identifier of the terminal and the first restricted service policy to an AMF or an SMF.
- the restricted service may include any one of the following: stopping an uplink data flow; restricting a downlink data flow; and stopping an uplink data flow and restricting a downlink data flow.
- a communications device configured to include: a determining unit, configured to determine that a terminal is in a state of exception and a restricted service policy corresponding to an exception, where the restricted service policy corresponding to the exception is used to provide a restricted service for the terminal; and a sending unit, configured to send to a UDM, the identifier of the terminal and the restricted service policy that is corresponding to the exception and that is determined by the determining unit.
- the determining unit may be specifically configured to determine, based on the traffic information of the terminal, that the terminal is in the state of exception, where the traffic information may include uplink traffic information and/or downlink traffic information.
- the restricted service may include any one of the following: stopping an uplink data flow; restricting a downlink data flow; and stopping an uplink data flow and restricting a downlink data flow.
- a communications device includes at least one processor and a memory, where the memory is configured to store a computer program, so that when the computer program is executed by the at least one processor, the computer program implements the method for providing a restricted service according to any one of the first aspect or the possible implementations of the first aspect.
- a computer-readable storage medium configured to store a computer program.
- the computer program is used to perform the method for providing a restricted service according to any one of the first aspect or the possible implementations of the first aspect.
- a communications device includes at least one processor and a memory, where the memory is configured to store a computer program, so that when the computer program is executed by the at least one processor, the computer program implements the method for providing a restricted service according to any one of the second aspect or the possible implementations of the second aspect.
- a computer-readable storage medium configured to store a computer program.
- the computer program is used to perform the method for providing a restricted service according to any one of the second aspect or the possible implementations of the second aspect.
- a communications device includes at least one processor and a memory, where the memory is configured to store a computer program, so that when the computer program is executed by the at least one processor, the computer program implements the method for providing a restricted service according to any one of the third aspect or the possible implementations of the third aspect.
- a computer-readable storage medium configured to store a computer program.
- the computer program is used to perform the method for providing a restricted service according to any one of the third aspect or the possible implementations of the third aspect.
- a communications device includes at least one processor and a memory, where the memory is configured to store a computer program, so that when the computer program is executed by the at least one processor, the computer program implements the method for providing a restricted service according to any one of the fourth aspect or the possible implementations of the fourth aspect.
- a computer-readable storage medium configured to store a computer program.
- the computer program is used to perform the method for providing a restricted service according to any one of the fourth aspect or the possible implementations of the fourth aspect.
- a communications device includes at least one processor and a memory, where the memory is configured to store a computer program, so that when the computer program is executed by the at least one processor, the computer program implements the method for providing a restricted service according to any one of the fifth aspect or the possible implementations of the fifth aspect.
- a computer-readable storage medium configured to store a computer program.
- the computer program is used to perform the method for providing a restricted service according to any one of the fifth aspect or the possible implementations of the fifth aspect.
- a communications device includes at least one processor and a memory, where the memory is configured to store a computer program, so that when the computer program is executed by the at least one processor, the computer program implements the method for providing a restricted service according to any one of the sixth aspect or the possible implementations of the sixth aspect.
- a computer-readable storage medium configured to store a computer program.
- the computer program is used to perform the method for providing a restricted service according to any one of the sixth aspect or the possible implementations of the sixth aspect.
- a chip system includes a processor, configured to implement functions in the foregoing aspects, for example, generating or processing data and/or information in the foregoing methods.
- the chip system further includes a memory.
- the memory is configured to store a program instruction and data that are necessary for the communications device.
- the chip system may include a chip, or may include a chip and another discrete device.
- the communications devices described in the seventh aspect to the thirteenth aspect, the fifteenth aspect, the seventeenth aspect, the nineteenth aspect, the twenty-first aspect, and the twenty-third aspect, the computer-readable storage medium described in the fourteenth aspect, the sixteenth aspect, the eighteenth aspect, the twentieth aspect, the twenty-second aspect, and the twenty-fourth aspect, and the chip system described in the twenty-fifth aspect are all configured to perform the corresponding methods described above.
- advantageous effects that can be achieved refer to advantageous effects in the corresponding methods. Details are not described herein again.
- a and/or B may represent the following three cases: Only A exists, both A and B exist, and only B exists.
- the character "/" in the following embodiments generally indicates an "or" relationship between the associated objects.
- a method for providing a restricted service provided in the embodiments of this application may be applied to any mobile communications system that needs to provide a restricted service for a terminal.
- the method may be applied to a 5G mobile communications system shown in FIG. 1 .
- the 5G mobile communication system may include a terminal and an access network device, for example, an access network (access network, AN)/radio access network (radio access network, RAN), a data network (data network, DN), and a plurality of network functions (network function, NF): a network exposure function (network exposure function, NEF), a policy control function (policy control function, PCF), a unified data management (unified data management, UDM), an application function (application function, AF), a network data analytics function (network data analytics function, NWDAF), an access and mobility management function (access and mobility management function, AMF), a session management function (session management function, SMF), and a user plane function (user plane function, UPF).
- an access network access network
- AN access network exposure function
- policy control function policy control function
- PCF policy control function
- UDM unified data management
- NWDAF network data analytics function
- NWDAF access and mobility management function
- AMF access and mobility management function
- SMF
- FIG. 1 is merely an example diagram of a structure of the 5G mobile communications system.
- the 5G mobile communications system may further include other communications devices, such as an authentication server function (authentication server function, AUSF). This is not limited in this embodiment of this application.
- authentication server function authentication server function
- the communications devices such as the NEF, the PCF, the UDM, the AF, the NWDAF, the AMF, and the SMF may be connected by using a communications bus. Based on the communications bus, the communications devices may establish a connection by invoking a corresponding service-oriented interface, to communicate with each other.
- the NEF may invoke an Nnef interface to establish a connection to the AF, the UDM, or another communications device connected to the communications bus, to communicate with each other.
- the PCF may invoke an Npcf interface to establish a connection to the AF, the SMF, the NWDAF, the AMF, or another communications device connected to the communications bus, to communicate with each other.
- the UDM may invoke an Nudm interface to establish a connection to the SMF or the AMF, or another communications device connected to the communications bus, to communicate with each other.
- the AF may invoke an Naf interface to establish a connection to the NEF or another communications device connected to the communications bus, to communicate with each other.
- the NWDAF may invoke an Nnwdaf interface to establish a connection to the PCF or another communications device connected to the communications bus, to communicate with each other.
- the AMF may invoke an Namf interface to establish a connection to the SMF or another communications device connected to the communications bus, to communicate with each other.
- the SMF may invoke an Nsmf interface to establish a connection to the PCF or another communications device connected to the communications bus, to communicate with each other.
- the communications devices such as the AMF, the SMF, the UPF, the DN, the AN/RAN, and the terminal may establish a connection by using a next-generation network (next generation, NG) interface, to communicate with each other.
- the terminal may establish a control plane signaling connection to the AMF by using an N interface 1 (N1 for short).
- the AN/RAN may establish a user plane data connection to the UPF by using an N interface 3 (N3 for short).
- the AN/RAN may establish a control plane signaling connection to the AMF by using an N interface 2 (N2 for short).
- the UPF may establish a control plane signaling connection to the SMF by using an N interface 4 (N4 for short).
- the UPF may exchange user plane data with the DN by using an N interface 6 (N6 for short).
- names of the communications devices and the interfaces between the communications devices in the foregoing structure are merely examples. In a specific implementation, the communications devices and the interfaces between the communications devices may have other names. This is not specifically limited in the embodiments of this application.
- FIG. 1 With reference to FIG. 1 , the communications devices shown in FIG. 1 are described as follows:
- the terminal may be a wireless or wired terminal.
- a wireless terminal may refer to a device that provides a user with voice and/or data connectivity, a handheld device with a wireless connection function, or another processing device connected to a wireless modem.
- the wireless terminal may communicate with one or more communications devices such as an AMF or an SMF in a core network by using an AN/RAN.
- the wireless terminal may be a mobile terminal, for example, a mobile phone (or referred to as a "cellular" phone), a smartphone, a satellite wireless device, a wireless modem card, and a computer with a mobile terminal.
- the computer with a mobile terminal may be a laptop, portable, pocket-sized, handheld, computer built-in, or in-vehicle mobile apparatus that exchanges voice and/or data with a radio access network.
- the wireless terminal may be a personal communication service (personal communication service, PCS) phone, a cordless telephone set, a session initiation protocol (session initiation protocol, SIP) phone, a wireless local loop (wireless local loop, WLL) station, a personal digital assistant (personal digital assistant, PDA), or another device.
- PCS personal communication service
- SIP session initiation protocol
- WLL wireless local loop
- PDA personal digital assistant
- the wireless terminal may also be referred to as a system, a subscriber unit (subscriber unit), a subscriber station (subscriber station), a mobile station (mobile station), a mobile console (mobile), a remote station (remote station), an access point (access point), a remote terminal (remote terminal), an access terminal (access terminal), a user terminal (user terminal), user equipment (user equipment, UE), or a user agent (user agent).
- the terminal may alternatively be a relay (relay).
- the AN/RAN may be a network including a plurality of 5G-ANs/5G-RANs, and is configured to implement functions such as a radio physical layer function, resource scheduling, radio resource management, radio access control, and mobility management.
- the 5G-AN/5G-RAN may be an access node, a next-generation base station (generation nodeB, gNB), a transmission reception point (transmission receive point, TRP), a transmission point (transmission point, TP), or another access network device.
- generation nodeB next-generation base station
- TRP transmission receive point
- TP transmission point
- the NWDAF may provide a network data analytics service.
- the PCF provides a policy rule and another function to a control plane network element, for example, the NWDAF.
- the NEF may be configured to exchange internal and external information, and the like of a network.
- the UDM provides functions such as managing subscription data of a user and generating authentication information of the user.
- the AF may be an application server that may belong to an operator or a third party.
- the AMF may be a termination point of a control plane (the N2 interface) of a radio access network, a termination point of non-access signaling (NAS, the N1 interface), and has functions such as performing mobility management, lawful interception, and access authorization/authentication on a terminal.
- a control plane the N2 interface
- NAS non-access signaling
- the SMF has functions such as establishing, modifying, and deleting a session.
- the UPF is an anchor for radio access technology handover, and may be configured to perform functions such as routing and forwarding of user plane data.
- the UPF is responsible for filtering a data packet, transmitting/forwarding data, performing rate control, generating charging information, and the like for the terminal.
- FIG. 2 is a schematic diagram of a structure of a communications device 20 according to an embodiment of this application.
- FIG. 2 shows a structure of the AN/RAN, the NEF, the PCF, the UDM, the AF, the NWDAF, the AMF, the SMF, the UPF, and the terminal in the 5G mobile communications system shown in FIG. 1 .
- the communications device 20 may include at least one processor 21, a memory 22, a communications interface 23, and a communications bus 24.
- the processor 21, the memory 22, and the communications interface 23 may be connected to each other by using the communications bus 24.
- the device structure shown in FIG. 2 constitutes no limitation on the communications device 20.
- the communications device 20 may include more or fewer components than those shown in the figure, or combine some components, or have different component arrangements. This is not limited in the embodiments of this application. The following specifically describes each constituent component of the communications device 20 with reference to FIG. 2 .
- the processor 21 is a control center of the communications device, and may be one processor or may be a collective name of a plurality of processing components.
- the processor 21 may be a central processing unit (central processing unit, CPU), or an application-specific integrated circuit (application specific integrated circuit, ASIC), or may be configured as one or more integrated circuits implementing the embodiments of this application, for example, one or more digital signal processors (digital signal processor, DSP), or one or more field programmable gate arrays (field programmable gate array, FPGA).
- the processor 21 may run or execute a software program stored in the memory 22, and invoke data stored in the memory 22, to perform various functions of the communications device 20.
- the processor 21 may include one or more CPUs, for example, a CPU 0 and a CPU 1 in FIG. 2 .
- the communications device 20 may include a plurality of processors, for example, the processor 21 and a processor 25 shown in FIG. 2 .
- Each of these processors may be a single-core processor (single-CPU), or may be a multi-core processor (multi-CPU).
- the processor herein may be one or more devices, circuits, and/or processing cores configured to process data (for example, a computer program instruction).
- the memory 22 may be a read-only memory (read-only memory, ROM), another type of static storage device that can store static information and an instruction, a random access memory (random access memory, RAM), or another type of dynamic storage device that can store information and an instruction, or may be an electrically erasable programmable read-only memory (electrically erasable programmable read-only memory, EEPROM), a compact disc read-only memory (compact disc read-only memory, CD-ROM), another optical disc storage, an optical disc storage (including a compact disc, a laser disc, an optical disc, a digital versatile disc, a Blu-ray disc, and the like), a disk storage medium, another magnetic storage device, or any other medium that can be used to carry or store expected program code in a form of an instruction or a data structure and that can be accessed by a computer.
- ROM read-only memory
- RAM random access memory
- EEPROM electrically erasable programmable read-only memory
- CD-ROM compact disc read-only memory
- the memory 22 may exist independently, and is connected to the processor 21 by using the communications bus 24. Alternatively, the memory 22 may be integrated with the processor 21.
- the memory 22 is configured to store a software program that performs the solution provided by the embodiments of this application, and the processor 21 controls execution of the software program.
- the communications interface 23 is configured to communicate with another device or a communications network, for example, an Ethernet, a RAN, or a wireless local area network (wireless local area networks, WLAN).
- the communications interface23 may be implemented by using any apparatus such as a transceiver.
- the communications bus 24 may be an industry standard architecture (industry standard architecture, ISA) bus, a peripheral component interconnect (peripheral component interconnect, PCI) bus, an extended industry standard architecture (extended industry standard architecture, EISA) bus, or the like.
- the bus may be classified into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is used to represent the bus in FIG. 2 , but this does not mean that there is only one bus or only one type of bus.
- the method for providing a restricted service may be applied to the 5G mobile communications system shown in FIG. 1 .
- Detailed descriptions are provided below with reference to the 5G mobile communications system shown in FIG. 1 .
- FIG. 3 is a schematic flowchart of a method for providing a restricted service according to an embodiment of this application. The method may include the following steps.
- Step 301 A first network element determines that a terminal is in a state of exception.
- the first network element may be the NWDAF or the AF in the 5G mobile communications system shown in FIG. 1 .
- Step 301 may also be referred to as that: A first network element determines, based on traffic information of a terminal, that the terminal is in the state of exception.
- the traffic information of the terminal may be classified into uplink traffic information and downlink traffic information based on different flow directions.
- the uplink traffic information may be traffic information corresponding to a data packet sent by the terminal to a network-side device (for example, an AN or a RAN).
- the downlink traffic information may be traffic information corresponding to a data packet sent by the network-side device to the terminal.
- the uplink traffic information may include at least one of the following: an uplink flow rate, an uplink flow interval, and an uplink flow size.
- the downlink traffic information may include at least one of the following: a downlink flow rate, a downlink flow interval, and a downlink flow size.
- the uplink flow rate may refer to a size of a data packet sent by the terminal to the network-side device within a unit time.
- the uplink flow interval may refer to an interval between data packets sent by the terminal to the network-side device.
- the uplink flow size refers to a size of each data packet sent by the terminal to the network-side device.
- the downlink flow rate may refer to a size of a data packet sent by the network-side device to the terminal within a unit time.
- the downlink flow interval may refer to an interval between data packets sent by the network-side device to the terminal.
- the downlink flow size refers to a size of each data packet sent by the network-side device to the terminal.
- that the first network element determines, based on traffic information of a terminal may include: The first network element may determine, based on whether the traffic information of the terminal meets a specific condition, whether the terminal is in the state of exception. If the uplink traffic information and/or the downlink traffic information of the terminal do/does not meet the specific condition, the first network element may determine that the terminal is in the state of exception. If both the uplink traffic information and the downlink traffic information of the terminal meet the specific condition, the first network element may determine that the terminal is not in the state of exception or is normal.
- the specific condition may be set based on historical traffic information of a large quantity of terminals and an exception result corresponding to the historical traffic information.
- the exception result may include that the terminal is in the state of exception and the terminal is not in the state of exception (or is normal).
- "the terminal is in a state of exception” may also be referred to as "terminal traffic is abnormal.” For example, if the traffic information of the terminal includes a flow rate (for example, an uplink flow rate and/or a downlink flow rate), when the flow rate of the terminal is greater than 2 Mbit/s (M/s), the first network element may determine that the terminal is in the state of exception.
- a flow rate for example, an uplink flow rate and/or a downlink flow rate
- M/s Mbit/s
- the first network element may determine that the terminal is in the state of exception.
- a flow rate for example, an uplink flow rate and/or a downlink flow rate
- a flow interval for example, an uplink flow interval and/or a downlink flow interval
- that the traffic information of the terminal does not meet the specific condition may include the following three cases: 1. The uplink traffic information of the terminal does not meet the specific condition. 2. The downlink traffic information of the terminal does not meet the specific condition. 3. Neither the uplink traffic information nor the downlink traffic information of the terminal meets the specific condition.
- that the first network element determines, based on traffic information of a terminal may include: When determining that the terminal is in the state of exception, the first network element may further determine an exception type of the terminal based on the traffic information of the terminal.
- the exception type may include any one of the following: abnormal uplink traffic; abnormal downlink traffic; and abnormal uplink traffic and abnormal downlink traffic.
- the first network element may determine that the exception type of the terminal is in the state of exception uplink traffic. For example, when determining that the uplink flow rate of the terminal is greater than 2 Mbit/s, the first network element may determine that the exception type of the terminal is in the state of exception uplink traffic.
- the first network element may determine that the exception type of the terminal is in the state of exception downlink traffic.
- the first network element may determine that the exception type of the terminal is in the state of exception downlink traffic.
- the first network element determines that the exception type of the terminal is in the state of exception uplink traffic and abnormal downlink traffic. For example, when determining that the uplink flow rate and the downlink flow rate of the terminal are greater than 2 Mbit/s, the first network element may determine that the exception type of the terminal is in the state of exception uplink traffic and abnormal downlink traffic.
- the traffic information of the terminal may be reported to the first network element by a communications device, such as an AMF.
- the AMF reports the traffic information of the terminal to the first network element.
- the AMF may monitor uplink traffic of the terminal and determine whether the uplink traffic of the terminal exceeds a threshold. When the uplink traffic of the terminal exceeds the threshold, the AMF may report the uplink traffic information of the terminal to the first network element.
- the AMF may monitor downlink traffic of the terminal and determine whether the downlink traffic of the terminal exceeds a threshold. When the downlink traffic of the terminal exceeds the threshold, the AMF may report the downlink traffic information of the terminal to the first network element.
- the AMF may monitor both the uplink traffic and the downlink traffic of the terminal.
- the AMF may report the uplink traffic information and the downlink traffic information of the terminal to the first network element.
- the AMF may periodically monitor traffic of the terminal (for example, the uplink traffic and/or the downlink traffic), or may monitor the traffic of the terminal according to a monitoring event delivered by the first network element.
- the monitoring event may be used to instruct to monitor the traffic of the terminal.
- Step 302 The first network element sends an identifier of the terminal and indication information to a PCF.
- the indication information may be used to indicate that the terminal is in the state of exception or indicate the exception type of the terminal.
- the identifier of the terminal is used to identify the terminal.
- the identifier may be an internet protocol (internet protocol, IP) address, a mobile subscriber international ISDN (mobile subscriber international ISDN, MSISDN) number, or the like.
- the indication information is used to indicate that the terminal is in the state of exception' may also be referred to as "the indication information is used to indicate that the traffic of the terminal is abnormal";
- the indication information is used to indicate the exception type of the terminal may also be referred to as “the indication information is used to indicate a traffic exception type of the terminal.”
- the indication information may include one bit. For example, when the indication information is "0", the indication information is used to indicate that the terminal is in the state of exception. When the indication information is "1", the indication information is used to indicate that the terminal is not in the state of exception or is normal.
- the indication information may include two bits. For example, when the indication information is "00", the indication information is used to indicate that the exception type of the terminal is in the state of exception uplink traffic. When the indication information is "01”, the indication information is used to indicate that the exception type of the terminal is in the state of exception downlink traffic. When the indication information is "10”, the indication information is used to indicate that the exception type of the terminal is in the state of exception uplink traffic and abnormal downlink traffic.
- the first network element may directly send the identifier of the terminal and the indication information to the PCF (as shown in FIG. 3 ).
- the PCF may directly send the identifier of the terminal and the indication information to the PCF (as shown in FIG. 3 ).
- the first network element may alternatively send the identifier of the terminal and the indication information (not shown in FIG. 3 ) to the PCF by using a communications device such as an NEF, the AMF, or an SMF.
- a communications device such as an NEF, the AMF, or an SMF.
- Step 303 The PCF receives the identifier of the terminal and the indication information.
- the PCF may receive the identifier of the terminal and the indication information from the first network element such as an NWDAF or an AF.
- the first network element such as an NWDAF or an AF.
- the PCF may alternatively receive the identifier of the terminal and the indication information from the SMF.
- the SMF may receive the identifier of the terminal and the indication information from the first network element.
- Step 304 The PCF sends the identifier of the terminal and a first restricted service policy (restricted service policy) according to the indication information.
- a first restricted service policy restricted service policy
- the PCF may send the identifier of the terminal and the first restricted service policy to the SMF or the AMF.
- the step 304 to step 306 are described by using an example in which the PCF sends the identifier of the terminal and the first restricted service policy to the SMF. This is not limited herein.
- the first restricted service policy may be used to provide a restricted service for the terminal.
- the restricted service may include any one of the following: stopping an uplink data flow; restricting a downlink data flow; and stopping an uplink data flow and restricting a downlink data flow.
- the first restricted service policy may be stopping an uplink data flow of the terminal, or may be restricting a downlink data flow of the terminal, or may be stopping an uplink data flow and restricting a downlink data flow of the terminal.
- “Stopping an uplink data flow” may also be referred to as “stopping an uplink data flow of the terminal on a terminal side/RAN side (stop the UL data flow of the Terminal in the Terminal/RAN side)."
- Restricting a downlink data flow may also be referred to as “restricting a downlink data flow of the terminal, and allowing a downlink data flow only of ⁇ a port with a certain IP> to be sent to the terminal (restrict the DL data flow for the Terminal, only allow DL data flow from ⁇ some port, some ip>)"; or “allowing a downlink data flow only of ⁇ a port with a certain IP> to be sent to the terminal.”
- “Restricting a downlink data flow of the terminal, and allowing a downlink data flow only of ⁇ a port with a certain IP> to be sent to the terminal” refers to restricting the downlink data flow of the terminal by allowing a downlink data flow only of ⁇ a port with a certain IP> to be sent to the terminal.
- the PCF may determine the first restricted service policy according to the indication information, and send the identifier of the terminal and the first restricted service policy to the SMF.
- the PCF may store a restricted service policy corresponding to an exception of the terminal, namely, the first restricted service policy.
- the first restricted service policy may be stopping an uplink data flow of the terminal, or may be restricting a downlink data flow of the terminal, or may be stopping an uplink data flow and restricting a downlink data flow of the terminal.
- the first restricted service policy stored on the PCF may be predefined, or may be preconfigured on the PCF, or may be delivered by another communications device to the PCF. This is not specifically limited in this embodiment of this application.
- the PCF may store a correspondence between an exception and a restricted service policy, and the PCF determines, based on the correspondence between an exception and a restricted service policy, the restricted service policy corresponding to the exception of the terminal as the first restricted service policy.
- the PCF may store a mapping relationship between an exception type and a restricted service policy. As shown in Table 1, the PCF determines, based on the mapping relationship, a restricted service policy corresponding to the exception type as the first restricted service policy.
- Table 1 Abnormality type Restricted service policy Abnormal uplink traffic Stopping an uplink data flow of the terminal Abnormal downlink traffic Restricting a downlink data flow of the terminal Abnormal uplink traffic and abnormal downlink traffic Stopping an uplink data flow and restricting a downlink data flow of the terminal
- the indication information when the indication information is "00", the indication information is used to indicate that the exception type of the terminal is in the state of exception uplink traffic, and the PCF may determine, based on Table 1, that the first restricted service policy is stopping an uplink data flow of the terminal.
- the indication information is "01”
- the indication information is used to indicate that the exception type of the terminal is in the state of exception downlink traffic, and the PCF may determine, based on Table 1, that the first restricted service policy is restricting a downlink data flow of the terminal.
- the indication information is used to indicate that the exception type of the terminal is in the state of exception uplink traffic and abnormal downlink traffic, and the PCF may determine, based on Table 1, that the first restricted service policy is stopping an uplink data flow and restricting a downlink data flow of the terminal.
- terminals in the state of exception may correspond to a same or different restricted service policies in this embodiment of this application.
- a restricted service policy corresponding to terminal 1 in the state of exception may be a restricted service policy 1
- a restricted service policy corresponding to terminal 2 in the state of exception may be a restricted service policy 2.
- restricted service policies corresponding to different exception types of the terminal 1 in the state of exception may be the restricted service policy 1, the restricted service policy 2, and a restricted service policy 3, and restricted service policies corresponding to different exception types of the terminal 2 in the state of exception may be a restricted service policy 1', a restricted service policy 2', and a restricted service policy 3'.
- Step 305 An SMF receives the identifier of the terminal and the first restricted service policy.
- Step 306 The SMF sends, according to the received first restricted service policy, a restricted service policy corresponding to a communications device to the communications device.
- the restricted service policy corresponding to the communications device is sent to the communications device in the step 306, so that the communications device provides the restricted service for the terminal according to the received restricted service policy.
- the communications device may be a terminal, an access network device, or a UPF.
- the communications device may be a terminal and a UPF, or may be an access network device and a UPF. This is not limited herein.
- the SMF may send a second restricted service policy to the terminal according to the first restricted service policy, so that the terminal performs a related operation according to the second restricted service policy, for example, stops the uplink data flow of the terminal.
- the SMF may send a second restricted service policy to the terminal according to the first restricted service policy, so that the terminal performs a related operation according to the second restricted service policy, for example, stops the uplink data flow of the terminal.
- the SMF may send the identifier of the terminal and a third restricted service policy to an access network device according to the first restricted service policy, so that the access network device provides the restricted service for the terminal based on the identifier of the terminal and the third restricted service policy, for example, stops the uplink data flow of the terminal.
- the SMF may send the identifier of the terminal and a third restricted service policy to an access network device according to the first restricted service policy, so that the access network device provides the restricted service for the terminal based on the identifier of the terminal and the third restricted service policy, for example, stops the uplink data flow of the terminal.
- the SMF may send the identifier of the terminal and a fourth restricted service policy to the UPF according to the first restricted service policy, so that the UPF provides the restricted service for the terminal based on the identifier of the terminal and the fourth restricted service policy, for example, restricts the downlink data flow of the terminal.
- the SMF may send the identifier of the terminal and a fourth restricted service policy to the UPF according to the first restricted service policy, so that the UPF provides the restricted service for the terminal based on the identifier of the terminal and the fourth restricted service policy, for example, restricts the downlink data flow of the terminal.
- the SMF may send the second restricted service policy to the terminal according to the first restricted service policy, so that the terminal performs a related operation according to the second restricted service policy, for example, stops then uplink data flow of the terminal, and sends the identifier of the terminal and the fourth restricted service policy to the UPF, so that the UPF provides the restricted service for the terminal based on the identifier of the terminal and the fourth restricted service policy, for example, restricts the downlink data flow of the terminal.
- the SMF may send the identifier of the terminal and the third restricted service policy to the access network device according to the first restricted service policy, so that the access network device provides the restricted service for the terminal based on the identifier of the terminal and the third restricted service policy, for example, stops the uplink data flow of the terminal, and sends the identifier of the terminal and the fourth restricted service policy to the UPF, so that the UPF provides the restricted service for the terminal based on the identifier of the terminal and the fourth restricted service policy, for example, restricts the downlink data flow of the terminal.
- the second restricted service policy, the third restricted service policy, and the fourth restricted service policy may be the same as or different from the first restricted service policy.
- the SMF may perform the step 306 without processing the first restricted service policy, but directly send the first restricted service policy to the communications device, so that the communications device provides the restricted service for the terminal according to the first restricted service policy.
- the SMF may use policy information that is in the first restricted service policy and that is used by the terminal to stop the uplink data flow as the second restricted policy and send the second restricted policy to the terminal.
- the first restricted service policy is different from the second restricted service policy.
- the SMF may use policy information that is in the first restricted service policy and that is used by the access network device to stop the uplink data flow of the terminal as the third restricted policy and send the third restricted policy to the access network device.
- the step 304 may alternatively be as follows: The PCF sends the identifier of the terminal and the first restricted service policy to the AMF according to the indication information.
- the step 305 may alternatively be as follows: The AMF receives the identifier of the terminal and the first restricted service policy.
- the step 306 may alternatively be as follows: The AMF sends the restricted service policy corresponding to the communications device to the communications device according to the received first restricted service policy.
- the restricted service policy corresponding to the communications device is sent to the communications device in the alternative step 306, so that the communications device provides the restricted service for the terminal according to the received restricted service policy.
- a specific implementation process in which the AMF sends, according to the received first restricted service policy, the restricted service policy corresponding to the communications device to the communications device is similar to that of the SMF in the step 306. Details are not described herein again.
- the AMF may send the second restricted service policy to the terminal according to the received first restricted service policy, so that the terminal performs a related operation according to the second restricted service policy, for example, stops the uplink data flow of the terminal.
- the AMF may send the identifier of the terminal and the third restricted service policy to the access network device according to the received first restricted service policy, so that the access network device provides the restricted service for the terminal based on the identifier of the terminal and the third restricted service policy, for example, stops the uplink data flow of the terminal.
- FIG. 11 This is not limited herein.
- the second restricted service policy is used to stop an uplink data flow of the terminal.
- the third restricted service policy is used to stop an uplink data flow of the terminal.
- the fourth restricted service policy is used to restrict a downlink data flow of the terminal.
- the PCF after receiving the identifier of the terminal and the indication information used to indicate that the terminal is in the state of exception or indicate the exception type of the terminal, the PCF sends, according to the indication information, the identifier of the terminal and the first restricted service policy used to provide the restricted service for the terminal, to provide the restricted service for the terminal, instead of directly deregistering the terminal when the terminal is abnormal. This effectively reduces security risks and improves management efficiency of the terminal.
- FIG. 4 to FIG. 6 are schematic flowcharts of a method for providing a restricted service according to another embodiment of this application.
- a first network element is the NWDAF in FIG. 1 is used as an example.
- the first network element is the AF in FIG. 1
- the method may include the following steps.
- Step 401 The NWDAF determines that a terminal is in a state of exception.
- Step 402 The NWDAF sends an identifier of the terminal and indication information to a PCF of the terminal.
- the indication information is used to indicate that the terminal is in the state of exception or indicate an exception type of the terminal.
- the indication information refer to related descriptions of the step 302 in the embodiment shown in FIG. 3 . Details are not described herein again.
- the NWDAF may invoke an Nnwdaf_EventsSubscription_Notify service to send the identifier of the terminal and the indication information to the PCF.
- the PCF of the terminal is a PCF that provides a service for the terminal, and may be one or more PCFs. This is not limited herein.
- a context of the terminal that is stored on the NWDAF includes an address of the PCF that provides the service for the terminal.
- the PCF may send a service response message to the NWDAF.
- the service response message is used to acknowledge reception of the identifier of the terminal and the indication information that are sent by the NWDAF.
- Step 403 The PCF determines a first restricted service policy according to the indication information.
- the first restricted service policy may be used to stop an uplink data flow of the terminal, or used to restrict a downlink data flow of the terminal, or used to stop an uplink data flow and restrict a downlink data flow of the terminal.
- Step 404 The PCF sends the identifier of the terminal and the first restricted service policy to an SMF.
- the PCF may invoke an Npcf_SMPolicyControl_UpdateNotify service to send the identifier of the terminal and the first restricted service policy to the SMF. Further, after receiving the identifier of the terminal and the first restricted service policy from the PCF, the SMF may send a service response message to the PC. The service response message is used to acknowledge reception of the identifier of the terminal and the first restricted service policy that are sent by the PCF.
- the method further includes: after receiving the identifier of the terminal and the first restricted service policy, the SMF sends, to a communications device according to the received first restricted service policy, a restricted service policy corresponding to the communications device, so that the communications device can provide the restricted service for the terminal according to the received restricted service policy.
- the method when the first restricted service policy is used to stop an uplink data flow of the terminal, the method may include the following step 405a and step 406a.
- the method when the first restricted service policy is used to stop an uplink data flow of the terminal, the method may include the following step 405b and step 406b.
- the method may include the following step 405c and step 406c.
- the method may include the following step 405a, step 405c, and step 406c, or the method may include the following step 405b, step 406b, step 405c, and step 406c.
- step 405a The following describes the step 405a and the step 406a.
- Step 405a The SMF sends a second restricted service policy to the terminal.
- the second restricted service policy is used to stop an uplink data flow of the terminal.
- the second restricted service policy may include a quality of service (quality of service, QoS) rule (QoS rule).
- QoS rule quality of service
- the QoS rule is used to stop an uplink data flow.
- the QoS rule includes the indication information.
- the indication information is used to instruct the terminal to set a filter that is of the terminal and that is used to transmit an uplink data packet to invalid.
- the second restricted service policy in the step 405a may be sent by the SMF to the terminal by using an AMF and an access network device (for example, an AN/RAN).
- a message about the second restricted service policy sent by the SMF may be a session management non-access stratum message (SM NAS message). If the SMF sends the second restricted service policy to the terminal by using the AMF and the access network device, the SM NAS message may further carry the identifier of the terminal. The identifier is used by the AMF and the access network device to address the terminal.
- SM NAS message session management non-access stratum message
- Step 406a The terminal stops transmission of an uplink data flow according to the second restricted service policy.
- the terminal may enter a restricted service state according to the second restricted service policy, in other words, stop transmission of the uplink data flow.
- the terminal may set, according to the indication information in the received QoS rule, the filter that is of the terminal and that is used to transmit the uplink data packet to invalid, to stop transmission of the uplink data flow.
- the terminal may further send an acknowledgment message to the SMF.
- the acknowledgment message is used to acknowledge reception of the second restricted service policy sent by the SMF.
- the terminal sends an SM NAS acknowledgment (acknowledge, ack) message to the SMF by using the RAN and the AMF.
- step 405b The following describes the step 405b and the step 406b.
- Step 405b The SMF sends the identifier of the terminal and a third restricted service policy to an access network device.
- the third restricted service policy is used to stop an uplink data flow of the terminal.
- the third restricted service policy may include a QoS configuration file (QoS profile).
- the QoS configuration file is used to stop an uplink data flow.
- the QoS configuration file includes the indication information.
- the indication information is used to instruct the access network device to stop scheduling of an uplink data radio bearer (data radio bearer, DRB) resource for the terminal.
- the identifier of the terminal and the third restricted service policy in the step 405b may be sent by the SMF to the access network device by using the AMF.
- a message about the identifier of the terminal and the third restricted service policy that are sent by the SMF may be an SM NAS message.
- Step 406b The access network device stops an uplink data flow of the terminal based on the identifier of the terminal and the third restricted service policy.
- the access network device may determine, based on the identifier of the terminal and the third restricted service policy, to stop scheduling of the uplink DRB resource for the terminal, to stop the uplink data flow of the terminal.
- the access network device may further send an acknowledgment message to the SMF.
- the acknowledgment message may be used to acknowledge reception of the identifier of the terminal and the third restricted service policy that are sent by the SMF.
- the access network device sends an SM NAS ack message to the SMF by using the AMF.
- Step 405c The SMF sends the identifier of the terminal and a fourth restricted service policy to a UPF.
- the fourth restricted service policy is used to restrict a downlink data flow of the terminal.
- the fourth restricted service policy may include QoS information (QoS information).
- QoS information is used to restrict a downlink data flow.
- the QoS information includes the indication information.
- the indication information is used to instruct the UPF to send a downlink data flow only of ⁇ a port with a certain IP> to the terminal.
- the SMF may add the identifier of the terminal and the fourth restricted service policy in the step 405c to a session modification request (session modification request) message and send the message to the UPF. Further, after receiving the identifier of the terminal and the fourth restricted service policy from the SMF, the UPF may send a response message to the SMF.
- the response message may be a session modification response (session modification response) message.
- Step 406c The UPF restricts a downlink data flow of the terminal based on the identifier of the terminal and the fourth restricted service policy.
- the UPF may determine, based on the identifier of the terminal and the fourth restricted service policy, to send only a downlink data flow only of ⁇ a port with a certain IP> to the terminal, to restrict the downlink data flow of the terminal.
- ⁇ the port with a certain IP> may be an IP address and a port of a maintenance server.
- the maintenance server may deliver data related to a patch or software upgrade to the terminal. This improves management efficiency of the terminal.
- the first network element when determining that the terminal is in a state of exception, sends the identifier of the terminal and the indication information used to indicate that the terminal is in the state of exception or indicate the exception type of the terminal to the PCF, so that the PCF determines, according to the indication information, the first restricted service policy used to provide the restricted service for the terminal, and sends the identifier of the terminal and the first restricted service policy to the SMF, the SMF sends, according to the first restricted service policy, the restricted service policy corresponding to the communications device to the communications device, and the communications device provides the restricted service for the terminal.
- the SMF may send the second restricted service policy to the terminal, so that the terminal may stop transmission of the uplink data flow according to the second restricted service policy.
- the SMF may send the identifier of the terminal and the third restricted service policy to the access network device, so that the access network device may stop, according to the third restricted service policy, scheduling of the uplink DRB resource for the terminal, to stop the uplink data flow of the terminal.
- the SMF may send the identifier of the terminal and the fourth restricted service policy to the UPF, so that the UPF may determine, according to the fourth restricted service policy, to send only the downlink data flow only of ⁇ a port with a certain IP> to the terminal, to restrict the downlink data flow of the terminal.
- ⁇ the port with a certain IP> may be the IP address and the port of the maintenance server, and the maintenance server may deliver the data related to a patch or software upgrade to the terminal, instead of directly deregistering the terminal when the terminal is abnormal. This effectively reduces security risks and improves management efficiency of the terminal.
- FIG. 7 to FIG. 9 are schematic flowcharts of a method for providing a restricted service according to another embodiment of this application.
- a first network element is the NWDAF in FIG. 1 is used as an example.
- the first network element is the AF in FIG. 1
- the method may include the following steps.
- Step 501 The NWDAF determines that a terminal is in a state of exception.
- Step 502 The NWDAF sends an identifier of the terminal and indication information to a PCF of the terminal.
- step 502 For specific descriptions of the step 502, refer to related descriptions of the step 402 in the embodiment shown in FIG. 4 to FIG. 6 . Details are not described herein again.
- Step 503 The PCF sends the identifier of the terminal and the indication information to an AMF.
- the PCF may invoke an Npcf_AMPolicyControl_UpdateNotify service to send the identifier of the terminal and the indication information to the AMF. Further, after receiving the identifier of the terminal and the indication information from the PCF, the AMF may send a service response message to the PCF. The service response message is used to acknowledge reception of the identifier of the terminal and the indication information that are sent by the PCF.
- Step 504 The AMF sends the identifier of the terminal and the indication information to an SMF of the terminal.
- the SMF of the terminal is an SMF that provides a service for the terminal, and may be one or more SMFs. This is not limited herein.
- the AMF may invoke an Namf_EventExposure_Notify service to send the identifier of the terminal and the indication information to the SMF of the terminal. Further, after receiving the identifier of the terminal and the indication information from the AMF, the SMF of the terminal may send a service response message to the AMF. The service response message is used to acknowledge reception of the identifier of the terminal and the indication information that are sent by the AMF.
- FIG. 7 to FIG. 9 show that the AMF sends the identifier of the terminal and the indication information to only one SMF of the terminal.
- the following steps are also described by using a procedure as an example in which one SMF of the terminal receives the identifier of the terminal and the indication information that are sent by the AMF.
- a procedure in which another SMF of the terminal receives the identifier of the terminal and the indication information that are sent by the AMF is the same as the following procedure. Details are not described herein again.
- Step 505 The SMF sends the identifier of the terminal and the indication information to the PCF corresponding to the SMF.
- the SMF may invoke an Npcf_SMPolicyControl_Update service to send the identifier of the terminal and the indication information to the PCF corresponding to the SMF.
- a context of the terminal that is stored by the SMF includes an address of the PCF corresponding to the SMF.
- Step 506 The PCF determines a first restricted service policy according to the indication information.
- the first restricted service policy may be used to stop an uplink data flow of the terminal, or used to restrict a downlink data flow of the terminal, or used to stop an uplink data flow and restrict a downlink data flow of the terminal.
- Step 507 The PCF sends the identifier of the terminal and the first restricted service policy to the SMF.
- the PCF may add the identifier of the terminal and the first restricted service policy to a service response message sent to the SMF.
- the method further includes: after receiving the identifier of the terminal and the first restricted service policy, the SMF may send, according to the received first restricted service policy, the restricted service policy corresponding to a communications device to the communications device, so that the communications device provides a restricted service for the terminal according to the received restricted service policy.
- the method when the first restricted service policy is used to stop an uplink data flow of the terminal, the method may include the following step 508a and step 509a.
- the method when the first restricted service policy is used to stop an uplink data flow of the terminal, the method may include the following step 508b and step 509b.
- the method may include the following step 508c and step 509c.
- the method may include the following step 508a, step 508c, and step 509c, or the method may include the following step 508b, step 509b, step 508c, and step 509c.
- Step 508a The SMF sends a second restricted service policy to the terminal.
- step 508a For specific descriptions of the step 508a, refer to related descriptions of the step 405a in the embodiment shown in FIG. 4 . Details are not described herein again.
- Step 509a The terminal stops transmission of an uplink data flow according to the second restricted service policy.
- step 509a For specific descriptions of the step 509a, refer to related descriptions of the step 406a in the embodiment shown in FIG. 4 . Details are not described herein again.
- the terminal may further send an acknowledgment message to the SMF.
- the acknowledgment message is used to acknowledge reception of the second restricted service policy sent by the SMF.
- the terminal sends an SM NAS ack message to the SMF by using a RAN and the AMF.
- Step 508b The SMF sends the identifier of the terminal and a third restricted service policy to an access network device.
- step 508b For specific descriptions of the step 508b, refer to related descriptions of the step 405b in the embodiment shown in FIG. 5 . Details are not described herein again.
- Step 509b The access network device stops an uplink data flow of the terminal according to the identifier of the terminal and the third restricted service policy.
- step 509b For specific descriptions of the step 509b, refer to related descriptions of the step 406b in the embodiment shown in FIG. 5 . Details are not described herein again.
- the access network device may further send an acknowledgment message to the SMF.
- the acknowledgment message may be used to acknowledge reception of the identifier of the terminal and the third restricted service policy that are sent by the SMF.
- the access network device sends an SM NAS ack message to the SMF by using the AMF.
- Step 508c The SMF sends the identifier of the terminal and a fourth restricted service policy to a UPF.
- step 508c For specific descriptions of the step 508c, refer to related descriptions of the step 405c in the embodiment shown in FIG. 6 . Details are not described herein again.
- Step 509c The UPF restricts a downlink data flow of the terminal based on the identifier of the terminal and the fourth restricted service policy.
- step 509c For specific descriptions of the step 509c, refer to related descriptions of the step 406c in the embodiment shown in FIG. 6 . Details are not described herein again.
- the first network element when determining that the terminal is in a state of exception, sends, to the PCF that provides the service for the terminal, the identifier of the terminal and the indication information used to indicate that the terminal is in the state of exception or indicate an exception type of the terminal, so that the PCF sends the identifier of the terminal and the indication information to the AMF.
- the AMF sends the identifier of the terminal and the indication information to the SMF of the terminal.
- the SMF sends the identifier of the terminal and the indication information to the PCF corresponding to the SMF.
- the PCF determines, according to the received indication information, the first restricted service policy used to provide the restricted service for the terminal, and sends the identifier of the terminal and the first restricted service policy to the SMF. Then, the SMF sends, according to the first restricted service policy, the restricted service policy corresponding to the communications device to the communications device, so that the communications device provides the restricted service for the terminal, instead of directly deregistering the terminal when the terminal is abnormal. This effectively reduces security risks and improves management efficiency of the terminal.
- the method provided in the embodiment shown in FIG. 4 to FIG. 9 is described by using an example in which the SMF delivers the restricted service policy to the communications device, so that the communications device provides the restricted service for the terminal.
- the AMF may deliver the restricted service policy to the communications device, so that the communications device provides the restricted service for the terminal.
- a first network element is an NWDAF
- the method may include the following steps.
- Step 601 The NWDAF determines that a terminal is in a state of exception.
- Step 602 The NWDAF sends an identifier of the terminal and indication information to a PCF.
- step 602 For specific descriptions of the step 602, refer to related descriptions of the step 402 in the embodiment shown in FIG. 4 to FIG. 6 . Details are not described herein again.
- Step 603 The PCF determines a first restricted service policy according to the indication information.
- the first restricted service policy may be used to stop an uplink data flow of the terminal.
- Step 604 The PCF sends the identifier of the terminal and the first restricted service policy to an AMF.
- the PCF may invoke an Npcf_AMPolicyControl_UpdateNotify service to send the identifier of the terminal and the first restricted service policy to the AMF. Further, after receiving the identifier of the terminal and the first restricted service policy from the PCF, the AMF may send a service response message to the PCF. The service response message is used to acknowledge reception of the identifier of the terminal and the first restricted service policy that are sent by the PCF.
- the method further includes: after receiving the identifier of the terminal and the first restricted service policy, the AMF may send, according to the received first restricted service policy, the restricted service policy corresponding to a communications device to the communications device, so that the communications device provides a restricted service for the terminal according to the received restricted service policy.
- the method may include the following step 605a and step 606a.
- the method may include the following step 605b and step 606b.
- step 605a The following describes the step 605a and the step 606a.
- Step 605a The AMF sends a second restricted service policy to the terminal.
- the second restricted service policy is used to stop an uplink data flow of the terminal.
- the second restricted service policy may include the indication information.
- the indication information is used to instruct to update or modify a threshold value in a UE route selection policy (UE route selection policy, URSP) of the terminal to a first value.
- the first value is used to stop an uplink data flow.
- UE route selection policy UE route selection policy, URSP
- the second restricted service policy in the step 605a may be sent by the AMF to the terminal by using an access network device (for example, an AN/RAN).
- a message about the second restricted service policy sent by the AMF may be an access and mobility non-access stratum message (AM NAS message). If the AMF sends the second restricted service policy to the terminal by using the access network device, the AM NAS message may further carry the identifier of the terminal. The identifier is used by the access network device to address the terminal.
- Step 606a The terminal stops transmission of an uplink data flow according to the second restricted service policy.
- the terminal may enter a restricted service state according to the second restricted service policy, in other words, stop transmission of the uplink data flow.
- the terminal may update or modify the threshold value in the URSP of the terminal to the first value according to the received indication information, to stop transmission of the uplink data flow.
- the terminal may further send an acknowledgment message to the AMF.
- the acknowledgment message is used to acknowledge reception of the second restricted service policy sent by the AMF.
- the terminal sends an AM NAS ack message to the AMF by using the RAN.
- step 605b The following describes the step 605b and the step 606b.
- Step 605b The AMF sends the identifier of the terminal and a third restricted service policy to an access network device.
- the third restricted service policy is used to stop an uplink data flow of the terminal.
- the third restricted service policy may include a QoS configuration file.
- the QoS configuration file is used to stop an uplink data flow.
- the QoS configuration file includes the indication information.
- the indication information is used to instruct the access network device to stop scheduling of an uplink DRB resource for the terminal.
- the AMF may add the identifier of the terminal and the third restricted service policy to a UE context modification request (UE context modification request) message and send the message to the access network device.
- UE context modification request UE context modification request
- Step 606b The access network device stops an uplink data flow of the terminal according to the identifier of the terminal and the third restricted service policy.
- step 606b For specific descriptions of the step 606b, refer to related descriptions of the step 406b in the embodiment shown in FIG. 5 . Details are not described herein again.
- the access network device may further send an acknowledgment message to the AMF.
- the acknowledgment message may be used to acknowledge reception of the identifier of the terminal and the third restricted service policy that are sent by the AMF.
- the acknowledgment message may be a UE context modification response (UE context modification response) message.
- the step 601 may alternatively be as follows: The AF determines that the terminal is in the state of exception.
- Step 602 may alternatively be as follows: The AF sends the identifier of the terminal and the indication information to a UDM.
- the AF may send the identifier of the terminal and the indication information to the UDM by using an NEF.
- Step 603 may alternatively be as follows: The UDM determines the first restricted service policy according to the indication information.
- Step 604 may alternatively be as follows: The UDM sends the identifier of the terminal and the first restricted service policy to an AMF.
- the NWDAF when determining that the terminal is in a state of exception, the NWDAF sends, the identifier of the terminal and the indication information used to indicate that the terminal is in the state of exception or indicate the exception type of the terminal to the PCF, so that the PCF determines, according to the received indication information, the first restricted service policy used to provide the restricted service for the terminal, and sends the identifier of the terminal and the first restricted service policy to the AMF, the AMF sends, according to the first restricted service policy, the restricted service policy corresponding to the communications device to the communications device, and the communications device provides the restricted service for the terminal, instead of directly deregistering the terminal when the terminal is abnormal. This effectively reduces security risks and improves management efficiency of the terminal.
- the method provided in the embodiment shown in FIG. 3 to FIG. 11 is mainly described by using an example in which the PCF determines and delivers the restricted service policy of the terminal, so that the communications device provides the restricted service for the terminal.
- the AF may alternatively determine and deliver the restricted service policy of the terminal, so that the communications device provides the restricted service for the terminal.
- the following embodiment describes a method for determining and delivering a restricted service policy of a terminal by an AF to provide a restricted service for the terminal.
- FIG. 12 is a schematic flowchart of a method for providing a restricted service according to another embodiment of this application. The method may include the following steps.
- Step 701 The AF determines that the terminal is in a state of exception and a first restricted service policy.
- the first restricted service policy may be a restricted service policy corresponding to an exception of the terminal.
- the first restricted service policy is used to provide a restricted service for the terminal.
- the restricted service may include any one of the following: stopping an uplink data flow; restricting a downlink data flow; and stopping an uplink data flow and restricting a downlink data flow.
- the first restricted service policy may be stopping an uplink data flow of the terminal, or may be restricting a downlink data flow of the terminal, or may be stopping an uplink data flow and restricting a downlink data flow of the terminal.
- step 701 that the AF determines that the terminal is in the state of exception may alternatively be as follows: The AF determines, based on traffic information of the terminal, that the terminal is in the state of exception. "The terminal is in the state of exception” may also be referred to as "terminal traffic is abnormal.”
- the AF determines that the terminal is in a state of exception in the step 701 may alternatively be as follows:
- the AF determines an exception type of the terminal, or the AF determines an exception type of the terminal based on traffic information of the terminal.
- the exception type may include any one of the following: abnormal uplink traffic; abnormal downlink traffic; and abnormal uplink traffic and abnormal downlink traffic.
- the exception type of the terminal may be a traffic exception type of the terminal.
- the first restricted service policy may also be referred to as a restricted service policy corresponding to the exception type of the terminal.
- determining, by the AF based on the traffic information of the terminal, that the terminal is in the state of exception refer to related descriptions of determining, by the first network element based on the traffic information of the terminal, that the terminal is in the state of exception in the step 301 included in the method provided in the embodiment shown in FIG. 3 .
- determining the exception type of the terminal by the AF refer to related descriptions of determining the exception type of the terminal by the first network element in the step 301 included in the method provided in the embodiment shown in FIG. 3 . Details are not described herein again.
- the alternative step in which the AF determines, based on traffic information of the terminal, that the terminal is in the state of exception
- the step 701 in which the AF determines that the terminal is in the state of exception
- the AF may store the restricted service policy corresponding to the exception of the terminal, namely, the first restricted service policy.
- the first restricted service policy may be stopping an uplink data flow of the terminal, or may be restricting a downlink data flow of the terminal, or may be stopping an uplink data flow and restricting a downlink data flow of the terminal.
- the first restricted service policy stored on the AF may be predefined, or may be preconfigured on the AF, or may be delivered by another communications device to the AF. This is not specifically limited in this embodiment of this application.
- the AF may store a correspondence between an exception and a restricted service policy, and the AF determines, based on the correspondence between an exception and a restricted service policy, the restricted service policy corresponding to the exception of the terminal as the first restricted service policy.
- the AF may store a mapping relationship between an exception type and a restricted service policy, as shown in Table 2.
- that the AF determines a first restricted service policy in the step 701 may alternatively be as follows: The AF determines, based on the mapping relationship shown in Table 2, the restricted service policy corresponding to the exception type as the first restricted service policy.
- the first restricted service policy when the exception type is abnormal uplink traffic, the first restricted service policy is stopping an uplink data flow of the terminal. When the exception type is abnormal downlink traffic, the first restricted service policy is restricting a downlink data flow of the terminal. When the exception type is abnormal uplink traffic and abnormal downlink traffic, the first restricted service policy is stopping an uplink data flow and restricting a downlink data flow of the terminal.
- Step 702 The AF sends an identifier of the terminal and the first restricted service policy to a UDM.
- Step 703 The UDM receives the identifier of the terminal and the first restricted service policy from the AF.
- Step 704 The UDM sends the identifier of the terminal and the first restricted service policy to an SMF.
- the UDM may directly send the identifier of the terminal and the first restricted service policy to the SMF.
- the SMF may directly send the identifier of the terminal and the first restricted service policy to the SMF.
- the UDM may alternatively send the identifier of the terminal and the first restricted service policy to the SMF by using an AMF.
- the UDM may alternatively send the identifier of the terminal and the first restricted service policy to the SMF by using an AMF.
- Step 705 The SMF receives the identifier of the terminal and the first restricted service policy from the UDM.
- Step 706 The SMF sends, according to the received first restricted service policy, a restricted service policy corresponding to a communications device to the communications device.
- the SMF sends the restricted service policy corresponding to the communications device to the communications device, so that the communications device provides the restricted service for the terminal according to the received restricted service policy.
- the communications device may be a terminal, an access network device, or a UPF.
- the communications device may be a terminal and a UPF, or may be an access network device and a UPF.
- the SMF may send a second restricted service policy to the terminal according to the first restricted service policy, so that the terminal performs a related operation according to the second restricted service policy, for example, stops the uplink data flow of the terminal.
- the SMF may send a second restricted service policy to the terminal according to the first restricted service policy, so that the terminal performs a related operation according to the second restricted service policy, for example, stops the uplink data flow of the terminal.
- the SMF may send the identifier of the terminal and a third restricted service policy to an access network device according to the first restricted service policy, so that the access network device provides the restricted service for the terminal based on the identifier of the terminal and the third restricted service policy, for example, stops the uplink data flow of the terminal.
- the SMF may send the identifier of the terminal and a third restricted service policy to an access network device according to the first restricted service policy, so that the access network device provides the restricted service for the terminal based on the identifier of the terminal and the third restricted service policy, for example, stops the uplink data flow of the terminal.
- the SMF may send the identifier of the terminal and a fourth restricted service policy to the UPF according to the first restricted service policy, so that the UPF provides the restricted service for the terminal based on the identifier of the terminal and the fourth restricted service policy, for example, restricts the downlink data flow of the terminal.
- the SMF may send the identifier of the terminal and a fourth restricted service policy to the UPF according to the first restricted service policy, so that the UPF provides the restricted service for the terminal based on the identifier of the terminal and the fourth restricted service policy, for example, restricts the downlink data flow of the terminal.
- the SMF may send the second restricted service policy to the terminal according to the first restricted service policy, so that the terminal performs a related operation according to the second restricted service policy, for example, stops then uplink data flow of the terminal, and sends the identifier of the terminal and the fourth restricted service policy to the UPF, so that the UPF provides the restricted service for the terminal based on the identifier of the terminal and the fourth restricted service policy, for example, restricts the downlink data flow of the terminal.
- the SMF may send the identifier of the terminal and the third restricted service policy to the access network device according to the first restricted service policy, so that the access network device provides the restricted service for the terminal based on the identifier of the terminal and the third restricted service policy, for example, stops the uplink data flow of the terminal, and sends the identifier of the terminal and the fourth restricted service policy to the UPF, so that the UPF provides the restricted service for the terminal based on the identifier of the terminal and the fourth restricted service policy, for example, restricts the downlink data flow of the terminal.
- the second restricted service policy is used to stop an uplink data flow of the terminal.
- the third restricted service policy is used to stop an uplink data flow of the terminal.
- the fourth restricted service policy is used to restrict a downlink data flow of the terminal.
- the AF determines the first restricted service policy used to provide the restricted service for the terminal, and sends the identifier of the terminal and the first restricted service policy to the UDM, so that the UDM sends the identifier of the terminal and the first restricted service policy to the SMF, to provide the restricted service for the terminal, instead of directly deregistering the terminal when the terminal is abnormal. This effectively reduces security risks and improves management efficiency of the terminal.
- FIG. 13 to FIG. 15 are schematic flowcharts of a method for providing a restricted service according to another embodiment of this application.
- the method may include the following steps.
- Step 801 An AF determines that a terminal is in a state of exception and a first restricted service policy.
- Step 802 The AF sends an identifier of the terminal and the first restricted service policy to a UDM.
- the AF may send the identifier of the terminal and the first restricted service policy to the UDM by using an NEF.
- the AF sends an AF traffic steering request (AF traffic steering request) message to the NEF.
- the AF traffic steering request message includes the identifier of the terminal and the first restricted service policy.
- the NEF sends an update request (updated request) to the UDM.
- the updated request includes the identifier of the terminal and the first restricted service policy.
- the NEF may return an AF traffic steering response (AF traffic steering response message) to the AF.
- the UDM may send an updated response (updated response) message to the NEF.
- Step 803 The UDM sends the identifier of the terminal and the first restricted service policy to an SMF.
- the UDM may invoke an Nudm_SDM_Notification service to send the identifier of the terminal and the first restricted service policy to the SMF. Further, after receiving the identifier of the terminal and the first restricted service policy from the UDM, the SMF may send a service response message to the UDM. The service response message is used to acknowledge reception of the identifier of the terminal and the first restricted service policy that are sent by the UDM.
- the method further includes: after receiving the identifier of the terminal and the first restricted service policy, the SMF may deliver, according to the first restricted service policy, the restricted service policy corresponding to a communications device to the communications device, so that the communications device provides a restricted service for the terminal according to the received restricted service policy.
- the method when the first restricted service policy is used to stop an uplink data flow of the terminal, the method may include the following step 804a and step 805a.
- the method when the first restricted service policy is used to stop an uplink data flow of the terminal, the method may include the following step 804b and step 805b.
- the method may include the following step 804c and step 805c.
- the method may include the following step 804a, step 804c, and step 805c, or the method may include the following step 804b, step 805b, step 804c, and step 805c.
- the SMF may alternatively send the identifier of the terminal and the first restricted service policy to a PCF corresponding to the SMF, so that the PCF determines whether to modify the first restricted service policy. If the PCF does not need to modify the first restricted service policy, the PCF may send the identifier of the terminal and the first restricted service policy to the SMF. If the PCF needs to modify the first restricted service policy, the PCF may send a modified restricted service policy to the SMF, so that the SMF delivers, according to the modified restricted service policy, the restricted service policy corresponding to the communications device to the communications device, to provide the restricted service for the terminal.
- step 804a The following describes the step 804a and the step 805a.
- Step 804a The SMF sends a second restricted service policy to the terminal.
- step 804a For specific descriptions of the step 804a, refer to related descriptions of the step 405a in the method provided in the embodiment shown in FIG. 4 . Details are not described herein again.
- Step 805a The terminal stops transmission of an uplink data flow according to the second restricted service policy.
- step 805a For specific descriptions of the step 805a, refer to related descriptions of the step 406a in the method provided in the embodiment shown in FIG. 4 . Details are not described herein again.
- the terminal may further send an acknowledgment message to the SMF.
- the acknowledgment message is used to acknowledge reception of the second restricted service policy sent by the SMF.
- the terminal sends an SM NAS ack message to the SMF by using a RAN and an AMF.
- step 804b The following describes the step 804b and the step 805b.
- Step 804b The SMF sends the identifier of the terminal and the third restricted service policy to an access network device.
- step 804b For specific descriptions of the step 804b, refer to related descriptions of the step 405b in the method provided in the embodiment shown in FIG. 5 . Details are not described herein again.
- Step 805b The access network device stops an uplink data flow of the terminal based on the identifier of the terminal and the third restricted service policy.
- step 805b For specific descriptions of step 805b, refer to related descriptions of the step 406b in the method provided in the embodiment shown in FIG. 5 . Details are not described herein again.
- the access network device may further send an acknowledgment message to the SMF.
- the acknowledgment message may be used to acknowledge reception of the identifier of the terminal and the third restricted service policy that are sent by the SMF.
- the access network device sends an SM NAS ack message to the SMF by using the AMF.
- step 804c The following describes the step 804c and the step 805c.
- Step 804c The SMF sends the identifier of the terminal and a fourth restricted service policy to a UPF.
- step 804c For specific descriptions of the step 804c, refer to related descriptions of the step 405c in the method provided in the embodiment shown in FIG. 6 . Details are not described herein again.
- Step 805c The UPF restricts a downlink data flow of the terminal based on the identifier of the terminal and the fourth restricted service policy.
- step 805c For specific descriptions of the step 805c, refer to related descriptions of the step 406c in the method provided in the embodiment shown in FIG. 6 . Details are not described herein again.
- the AF determines the first restricted service policy that corresponds to an exception of the terminal and that is used to provide the restricted service for the terminal, and sends the identifier of the terminal and the first restricted service policy to the UDM, so that the UDM sends the identifier of the terminal and the first restricted service policy to the SMF, the SMF sends, according to the first restricted service policy, the restricted service policy corresponding to the communications device to the communications device, and the communications device provides the restricted service for the terminal instead, instead of directly deregistering the terminal when the terminal is abnormal.
- FIG. 16 to FIG. 18 are schematic flowcharts of a method for providing a restricted service according to another embodiment of this application. The method may include the following steps.
- Step 901 An AF determines that a terminal is in a state of exception and a first restricted service policy.
- Step 902 The AF sends an identifier of the terminal and the first restricted service policy to a UDM.
- step 902 For specific descriptions of the step 902, refer to related descriptions of the step 802 in the method provided in the embodiment shown in FIG. 13 to FIG. 15 . Details are not described herein again.
- Step 903 The UDM sends the identifier of the terminal and the first restricted service policy to an AMF.
- the UDM may invoke an Nudm_SubscriberData_UpdateNotification service to send the identifier of the terminal and the first restricted service policy to the AMF. Further, after receiving the identifier of the terminal and the first restricted service policy from the UDM, the AMF may send a service response message to the UDM. The service response message is used to acknowledge reception of the identifier of the terminal and the first restricted service policy that are sent by the UDM.
- Step 904 The AMF sends the identifier of the terminal and the first restricted service policy to an SMF of the terminal.
- the SMF of the terminal is an SMF that provides a service for the terminal, and may be one or more SMFs. This is not limited herein.
- the AMF may invoke an Namf_EventExposure_Notify service to send the identifier of the terminal and the first restricted service policy to the SMF of the terminal. Further, after receiving the identifier of the terminal and the first restricted service policy, the SMF of the terminal may send a service response message to the AMF. The service response message is used to acknowledge reception of the identifier of the terminal and the first restricted service policy that are sent by the AMF.
- FIG. 16 to FIG. 18 show that the AMF sends the identifier of the terminal and the first restricted service policy to only one SMF of the terminal.
- the following steps are also described by using a procedure as an example in which one SMF of the terminal receives the identifier of the terminal and the first restricted service policy that are sent by the AMF.
- a procedure in which another SMF of the terminal receives the identifier of the terminal and the first restricted service policy that are sent by the AMF is the same as the following procedure. Details are not described herein again.
- the method further includes: after receiving the identifier of the terminal and the first restricted service policy, the SMF may deliver, according to the first restricted service policy, a restricted service policy corresponding to a communications device to the communications device, so that the communications device provides a restricted service for the terminal according to the received restricted service policy.
- the method when the first restricted service policy is used to stop an uplink data flow of the terminal, the method may include the following step 905a and step 906a.
- the method when the first restricted service policy is used to stop an uplink data flow of the terminal, the method may include the following step 905b and step 906b.
- the method may include the following step 905c and step 906c.
- the method may include the following step 905a, step 905c, and step 906c, or the method may include the following step 905b, step 906b, step 905c, and step 906c.
- the SMF may alternatively send the identifier of the terminal and the first restricted service policy to a PCF corresponding to the SMF, so that the PCF determines whether to modify the first restricted service policy. If the PCF does not need to modify the first restricted service policy, the PCF may send the identifier of the terminal and the first restricted service policy to the SMF. If the PCF needs to modify the first restricted service policy, the PCF may send a modified restricted service policy to the SMF, so that the SMF delivers, according to the modified restricted service policy, the restricted service policy corresponding to the communications device to the communications device, to provide the restricted service for the terminal.
- restricted service policies corresponding to different communications devices to the communications devices refer to related descriptions of delivering, according to the first restricted service policy, the restricted service policy corresponding to the communications device to the communications device. Details are not described herein again.
- step 905a The following describes the step 905a and the step 906a.
- Step 905a The SMF sends a second restricted service policy to the terminal.
- step 905a For specific descriptions of the step 905a, refer to related descriptions of the step 405a in the method provided in the embodiment shown in FIG. 4 . Details are not described herein again.
- Step 906a The terminal stops transmission of an uplink data flow according to the second restricted service policy.
- step 906a For specific descriptions of the step 906a, refer to related descriptions of the step 406a in the method provided in the embodiment shown in FIG. 4 . Details are not described herein again.
- the terminal may further send an acknowledgment message to the SMF.
- the acknowledgment message is used to acknowledge reception of the second restricted service policy sent by the SMF.
- the terminal sends an SM NAS ack message to the SMF by using a RAN and an AMF.
- step 905b The following describes the step 905b and the step 906b.
- Step 905b The SMF sends the identifier of the terminal and a third restricted service policy to an access network device.
- step 905b For specific descriptions of the step 905b, refer to related descriptions of the step 405b in the method provided in the embodiment shown in FIG. 5 . Details are not described herein again.
- Step 906b The access network device stops an uplink data flow of the terminal based on the identifier of the terminal and the third restricted service policy.
- step 906b For specific descriptions of the step 906b, refer to related descriptions of the step 406b in the method provided in the embodiment shown in FIG. 5 . Details are not described herein again.
- the access network device may further send an acknowledgment message to the SMF.
- the acknowledgment message may be used to acknowledge reception of the identifier of the terminal and the third restricted service policy that are sent by the SMF.
- the access network device sends an SM NAS ack message to the SMF by using the AMF.
- Step 905c The SMF sends the identifier of the terminal and a fourth restricted service policy to a UPF.
- step 905c For specific descriptions of the step 905c, refer to related descriptions of the step 405c in the method provided in the embodiment shown in FIG. 6 . Details are not described herein again.
- Step 906c The UPF restricts a downlink data flow of the terminal based on the identifier of the terminal and the fourth restricted service policy.
- step 906c For specific descriptions of the step 906c, refer to related descriptions of the step 406c in the method provided in the embodiment shown in FIG. 6 . Details are not described herein again.
- the AF determines the first restricted service policy that corresponds to an exception of the terminal and that is used to provide the restricted service for the terminal, and sends the identifier of the terminal and the first restricted service policy to the UDM, so that the UDM sends the identifier of the terminal and the first restricted service policy to the AMF, the AMF sends the identifier of the terminal and the first restricted service policy to the SMF of the terminal, the SMF sends, according to the first restricted service policy, the restricted service policy corresponding to the communications device to the communications device, and the communications device provides the restricted service for the terminal, instead of directly deregistering the terminal when the terminal is abnormal. This effectively reduces security risks and improves management efficiency of the terminal.
- the nodes such as the NWDAF, the PCF, the AMF, the SMF, the UDM, and other communications device include corresponding hardware structures and/or software modules for implementing the functions.
- the nodes such as the NWDAF, the PCF, the AMF, the SMF, the UDM, and other communications device include corresponding hardware structures and/or software modules for implementing the functions.
- algorithms steps may be implemented by hardware or a combination of hardware and computer software. Whether a function is performed by hardware or hardware driven by computer software depends on particular applications and design constraints of the technical solutions.
- a person skilled in the art may use different methods to implement the described functions for each particular application, but it should not be considered that the implementation goes beyond the scope of this application.
- the NWDAF, the PCF, the AMF, the SMF, the UDM, and other communications device may be divided into functional modules according to the foregoing method examples.
- functional modules may be obtained through division corresponding to the functions.
- two or more functions may be integrated into one processing module.
- the integrated module may be implemented in a form of hardware, or may be implemented in a form of a software functional module.
- module division is an example, and is merely a logical function division. In an actual implementation, another division manner may be used.
- An embodiment of this application provides a communications device.
- the communications device may be a PCF, a chip in the PCF, or a system-on-a-chip.
- the communications device may be configured to perform a function of the PCF in the foregoing embodiments.
- the communications device may include a receiving unit 1001 and a sending unit 1002.
- the receiving unit 1001 is configured to receive an identifier of a terminal and indication information, where the indication information is used to indicate that the terminal is in a state of exception or indicate an exception type of the terminal. For example, the receiving unit 1001 supports the communications device to perform the step 303.
- the sending unit 1002 is configured to send the identifier of the terminal and a first restricted service policy according to the indication information received by the receiving unit 1001, where the first restricted service policy is used to provide a restricted service for the terminal.
- the sending unit 1002 supports the communications device to perform the step 304, the step 404, the step 507, and the step 604.
- the sending unit 1002 shown in FIG. 19 may be further configured to support the communications device to perform the step 503.
- the communications device shown in FIG. 19 may further include: a determining unit 1003, configured to determine the first restricted service policy according to the indication information.
- the determining unit 1003 supports the communications device to perform the step 403, the step 506, and the step 603.
- the communications device configured to perform the method for providing a restricted service, and therefore can achieve a same effect as the method for providing a restricted service.
- the communications device may include a processing module and a communications module.
- the processing module is configured to control and manage an action of the communications device.
- the processing module is configured to support the communications device to perform the step 403, the step 506, the step 603, and other processes of a technology described in the embodiments.
- the communications module is configured to support the communications device to communicate with another network entity, for example, communicate with a functional module or a network entity shown in FIG. 1 .
- the communications module is configured to support the communications device to perform the step 303, the step 304, the step 404, the step 503, the step 507, the step 604, and other processes of the technology described in the embodiments.
- the communications device may further include a storage module, configured to store program code and data of the communications device.
- the processing module may be a processor a controller.
- the processor may implement or execute various example logical blocks, modules, and circuits described with reference to content disclosed in this application.
- the processor may be a combination of processors implementing a computing function, for example, a combination of one or more microprocessors, or a combination of the DSP and a microprocessor, and or the like.
- the communications module may be a transceiver circuit, a communications interface, or the like.
- the storage module may be a memory. When the processing module is a processor, the communications module is a communications interface, and the storage module is a memory, the communications device may be the communications device shown in FIG. 2 .
- the communications device may be an SMF, a chip in the SMF, or a system-on-a-chip.
- the communications device may be configured to perform a function of the SMF in the foregoing embodiments.
- the communications device may include a receiving unit 1101 and a sending unit 1102.
- the receiving unit 1101 is configured to receive an identifier of a terminal and a first restricted service policy. For example, the receiving unit 1101 supports the communications device to perform the step 305 and the step 705.
- the sending unit 1102 is configured to send, to the communications device according to the first restricted service policy received by the receiving unit 1101, the restricted service policy corresponding to the communications device.
- the sending unit 1102 supports the communications device to perform the step 306, the step 405a, the step 405b, the step 405c, the step 508a, the step 508b, the step 508c, the step 706, the step 804a, the step 804b, the step 804c, the step 905a, the step 905b, and the step 905c.
- the communications device configured to perform the method for providing a restricted service, and therefore can achieve a same effect as the method for providing a restricted service.
- the communications device may include a processing module and a communications module.
- the processing module is configured to control and manage an action of the communications device.
- the processing module is configured to support the communications device to perform other processes of a technology described in the embodiments.
- the communications module is configured to support the communications device in communicating with another network entity, for example, communicating with a function module or a network entity shown in FIG. 1 .
- the communications module is configured to support the communications device to perform the step 305, the step 306, the step 405a, the step 405b, the step 405c, the step 508a, the step 508b, the step 508c, the step 705, the step 706, the step 804a, the step 804b, the step 804c, the step 905a, the step 905b, the step 905c, and other processes of the technology described in the embodiments.
- the communications device may further include a storage module, configured to store program code and data of the communications device.
- the processing module may be a processor a controller.
- the processor may implement or execute various example logical blocks, modules, and circuits described with reference to content disclosed in this application.
- the processor may be a combination of processors implementing a computing function, for example, a combination of one or more microprocessors, or a combination of the DSP and a microprocessor, and or the like.
- the communications module may be a transceiver circuit, a communications interface, or the like.
- the storage module may be a memory. When the processing module is a processor, the communications module is a communications interface, and the storage module is a memory, the communications device may be the communications device shown in FIG. 2 .
- the communications device may be an AMF, a chip in the AMF, or a system-on-a-chip.
- the communications system may be configured to perform a function of the AMF in the foregoing embodiments.
- the communications device may include a receiving unit 1201 and a sending unit 1202.
- the receiving unit 1201 is configured to receive an identifier of a terminal and a first restricted service policy, where the first restricted service policy is used to provide a restricted service for the terminal.
- the sending unit 1202 is configured to send, to a communications device according to the first restricted service policy received by the receiving unit 1201, the restricted service policy corresponding to the communications device, to provide the restricted service for the terminal.
- the sending unit 1202 supports the communications device to perform the step 605a and the step 605b.
- the sending unit 1202 may be further configured to support the communications device to perform the step 504 and the step 904.
- the communications device configured to perform the method for providing a restricted service, and therefore can achieve a same effect as the method for providing a restricted service.
- the communications device may include a processing module and a communications module.
- the processing module is configured to control and manage an action of the communications device.
- the communications module is configured to support the communications device to communicate with another network entity, for example, communicate with a functional module or a network entity shown in FIG. 1 .
- the communications module is configured to support the communications device to perform the step 504, the step 605a, the step 605b, the step 904, and other processes of the technology described in the embodiments.
- the communications device may further include a storage module, configured to store program code and data of the communications device.
- the processing module may be a processor a controller.
- the processor may implement or execute various example logical blocks, modules, and circuits described with reference to content disclosed in this application.
- the processor may be a combination of processors implementing a computing function, for example, a combination of one or more microprocessors, or a combination of the DSP and a microprocessor, and or the like.
- the communications module may be a transceiver circuit, a communications interface, or the like.
- the storage module may be a memory. When the processing module is a processor, the communications module is a communications interface, and the storage module is a memory, the communications device may be the communications device shown in FIG. 2 .
- the communications device may be a first network element, a chip in the first network element, or a system-on-a-chip.
- the communications system may be configured to perform a function of the first network element in the foregoing embodiments.
- the first network element may be an NWDAF or an AF.
- the communications device may include a determining unit 1301 and a sending unit 1302.
- the determining unit 1301 is configured to determine that a terminal is in a state of exception. For example, the determining unit 1301 supports the communications device to perform the step 301, the step 401, the step 501, and the step 601.
- the sending unit 1302 is configured to send an identifier of the terminal and indication information to a PCF, where the indication information is used to indicate that the terminal is in the state of exception or indicate an exception type of the terminal.
- the sending unit 1002 supports the communications device to perform the step 302, the step 402, the step 502, and the step 602.
- the communications device configured to perform the method for providing a restricted service, and therefore can achieve a same effect as the method for providing a restricted service.
- the communications device may include a processing module and a communications module.
- the processing module is configured to control and manage an action of the communications device.
- the processing module is configured to support the communications device to perform the step 301, the step 401, the step 501, the step 601, and other processes of a technology described in the embodiments.
- the communications module is configured to support the communications device to communicate with another network entity, for example, communicate with a functional module or a network entity shown in FIG. 1 .
- the communications module is configured to support the communications device to perform the step 302, the step 402, the step 502, the step 602, and other processes of the technology described in the embodiments.
- the communications device may further include a storage module, configured to store program code and data of the communications device.
- the processing module may be a processor a controller.
- the processor may implement or execute various example logical blocks, modules, and circuits described with reference to content disclosed in this application.
- the processor may be a combination of processors implementing a computing function, for example, a combination of one or more microprocessors, or a combination of the DSP and a microprocessor, and or the like.
- the communications module may be a transceiver circuit, a communications interface, or the like.
- the storage module may be a memory. When the processing module is a processor, the communications module is a communications interface, and the storage module is a memory, the communications device may be the communications device shown in FIG. 2 .
- the communications device may be a UDM, a chip in the UDM, or a system-on-a-chip.
- the communications system may be configured to perform a function of the UDM in the foregoing embodiments.
- the communications device may include a receiving unit 1401 and a sending unit 1402.
- the receiving unit 1401 is configured to receive an identifier of a terminal and a first restricted service policy, where the first restricted service policy is used to provide a restricted service for the terminal.
- the receiving unit 1401 supports the communications device to perform the step 703.
- the sending unit 1402 is configured to send the identifier of the terminal and the first restricted service policy.
- the determining unit 1003 supports the communications device to perform the step 704, the step 803, and the step 903.
- the communications device configured to perform the method for providing a restricted service, and therefore can achieve a same effect as the method for providing a restricted service.
- the communications device may include a processing module and a communications module.
- the processing module is configured to control and manage an action of the communications device.
- the communications module is configured to support the communications device to communicate with another network entity, for example, communicate with a functional module or a network entity shown in FIG. 1 .
- the communications module is configured to support the communications device to perform the step 703, the step 704, the step 803, the step 903, and other processes of the technology described in the embodiments.
- the communications device may further include a storage module, configured to store program code and data of the communications device.
- the processing module may be a processor a controller.
- the processor may implement or execute various example logical blocks, modules, and circuits described with reference to content disclosed in this application.
- the processor may be a combination of processors implementing a computing function, for example, a combination of one or more microprocessors, or a combination of the DSP and a microprocessor, and or the like.
- the communications module may be a transceiver circuit, a communications interface, or the like.
- the storage module may be a memory. When the processing module is a processor, the communications module is a communications interface, and the storage module is a memory, the communications device may be the communications device shown in FIG. 2 .
- the communications device may be an AF, a chip in the AF, or a system-on-a-chip.
- the communications system may be configured to perform a function of the AF in the foregoing embodiments.
- the communications device may include a determining unit 1501 and a sending unit 1502.
- the determining unit 1501 is configured to determine that a terminal is in a state of exception and a restricted service policy corresponding to an exception, where the restricted service policy corresponding to the exception is used to provide a restricted service for the terminal. For example, the determining unit 1501 supports the communications device to perform the step 701, the step 801, and the step 901.
- the sending unit 1502 is configured to send an identifier of the terminal and the restricted service policy that corresponds to the exception and that is determined by the determining unit 1501. For example, the sending unit 1502 supports the communications device to perform the step 702, the step 802, and the step 902.
- the communications device configured to perform the method for providing a restricted service, and therefore can achieve a same effect as the method for providing a restricted service.
- the communications device may include a processing module and a communications module.
- the processing module is configured to control and manage an action of the communications device.
- the processing module is configured to support the communications device to perform the step 701, the step 801, the step 901, and other processes of a technology described in the embodiments.
- the communications module is configured to support the communications device to communicate with another network entity, for example, communicate with a functional module or a network entity shown in FIG. 1 .
- the communications module is configured to support the communications device to perform the step 702, the step 802, the step 902, and other processes of the technology described in the embodiments.
- the communications device may further include a storage module, configured to store program code and data of the communications device.
- the processing module may be a processor a controller.
- the processor may implement or execute various example logical blocks, modules, and circuits described with reference to content disclosed in this application.
- the processor may be a combination of processors implementing a computing function, for example, a combination of one or more microprocessors, or a combination of the DSP and a microprocessor, and or the like.
- the communications module may be a transceiver circuit, a communications interface, or the like.
- the storage module may be a memory. When the processing module is a processor, the communications module is a communications interface, and the storage module is a memory, the communications device may be the communications device shown in FIG. 2 .
- the communications system may include the communications device (the communications device may be a PCF) shown in FIG. 19 , the communications device (the communications device may be an SMF) shown in FIG. 20 , the communications device (the communications device may be a first network element, and the first network element may be an NWDAF or an AF) shown in FIG. 22 , a terminal, an access network device, and a UPF.
- the foregoing devices may collaborate with each other to implement the method for providing a restricted service provided in the embodiments of this application, for example, the method provided in any of the embodiments shown in FIG. 3 to FIG. 6 .
- the communications system may further include the communications device (the communications device may be an AMF) shown in FIG. 21 .
- the communications device shown in FIG. 21 and the foregoing devices collaborate with each other to implement the method for providing a restricted service provided in the embodiments of this application. For example, the method provided in any of the embodiments shown in FIG. 7 to FIG. 11 .
- the communications system may include the communications device (the communications device may be an SMF) shown in FIG. 20 , the communications device (the communications device may be a UDM) shown in FIG. 23 , the communications device (the communications device may be an AF) shown in FIG. 24 , a terminal, an access network device, and a UPF.
- the foregoing devices may collaborate with each other to implement the method for providing a restricted service provided in the embodiments of this application, for example, the method provided in any embodiment shown in FIG. 12 to FIG. 15 .
- the communications system may further include the communications device (the communications device may be an AMF) shown in FIG. 21 .
- the communications device shown in FIG. 21 and the foregoing devices collaborate with each other to implement the method for providing a restricted service provided in the embodiments of this application. For example, the method provided in any of the embodiments shown in FIG. 16 to FIG. 18 .
- the disclosed apparatus and method may be implemented in other manners.
- the described apparatus embodiment is merely an example.
- division into the modules or units is merely logical function division and may be other division in an actual implementation.
- a plurality of units or components may be combined or integrated into another apparatus, or some features may be ignored or not performed.
- the displayed or discussed mutual couplings or direct couplings or communication connections may be implemented by using some interfaces.
- the indirect couplings or communication connections between the apparatuses or units may be implemented in electronic, mechanical, or other forms.
- the units described as separate parts may or may not be physically separate, and parts displayed as units may be one or more physical units, may be located in one place, or may be distributed on different places. Some or all of the units may be selected based on actual requirements to achieve the objectives of the solutions of the embodiments.
- functional units in the embodiments of this application may be integrated into one processing unit, or each of the units may exist alone physically, or two or more units are integrated into one unit.
- the integrated unit may be implemented in a form of hardware, or may be implemented in a form of a software functional unit.
- the integrated unit When the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, the integrated unit may be stored in a readable storage medium. Based on such an understanding, the technical solutions of this application essentially, or the part contributing to the prior art, or all or some of the technical solutions may be implemented in the form of a software product.
- the software product is stored in a storage medium and includes several instructions for instructing a device (which may be a single-chip microcomputer, a chip or the like) or a processor to perform all or some of the steps of the methods described in the embodiments of this application.
- the foregoing storage medium includes: any medium that can store program code, such as a USB flash drive, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disc.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
- This application claims priority to Chinese Patent Application No.
201810627352.8 - Embodiments of this application relate to the communications field, and in particular, to a method for providing a restricted service, and a communications device.
- With continuous development of science and technology, the internet of things (internet of things, IoT) has been gaining in popularity. The IoT allows IoT devices to connect to the Internet by using an information sensing device and exchange information, to achieve intelligent identification and management of the IoT devices. Currently, IoT devices such as a smart water meter and a lock of a shared bicycle are basically simple devices, and have comparatively simple functions and security risks. For example, the IoT devices are vulnerable to hacker attacks, hijacking, and abuse, and therefore an abnormality occurs.
- In the prior art, a deregistration method is used for an abnormal IoT device, so that a network side deletes a registration management context and a protocol data unit (protocol data unit, PDU) session of the IoT device, to effectively reduce security risks. However, after the abnormal IoT device is deregistered, maintenance and management such as installing a patch and upgrading software can only be manually performed on the IoT device. This lowers management efficiency of the IoT device.
- Therefore, when the IoT device is abnormal, how to effectively reduce security risks and improve management efficiency of the IoT device has become an important research subject for a person skilled in the art.
- Embodiments of this application provide a method for providing a restricted service, and a communications device, to effectively reduce security risks and improve management efficiency of an IoT device when the IoT device is abnormal.
- To achieve the foregoing objectives, the following technical solutions are used in the embodiments of this application.
- According to a first aspect, an embodiment of this application provides a method for providing a restricted service, where the method may include: receiving, by a PCF, an identifier of a terminal and indication information, where the indication information is used to indicate that the terminal is in a state of exception or indicate an exception type of the terminal; and sending, by the PCF, the identifier of the terminal and a first restricted service policy according to the indication information, where the first restricted service policy is used to provide a restricted service for the terminal. According to the method for providing a restricted service provided in this embodiment of this application, after receiving the identifier of the terminal and the indication information used to indicate that the terminal is in the state of exception or indicate the exception type of the terminal, the PCF sends, according to the indication information, the identifier of the terminal and the first restricted service policy used to provide the restricted service for the terminal, to provide the restricted service for the terminal, instead of directly deregistering the terminal when the terminal is abnormal. This effectively reduces security risks and improves management efficiency of the terminal.
- With reference to the first aspect, in a possible implementation, the restricted service includes any one of the following: stopping an uplink data flow; restricting a downlink data flow; and stopping an uplink data flow and restricting a downlink data flow. In this way, a more accurate restricted service can be provided for the terminal.
- With reference to the first aspect or the foregoing possible implementation, in another possible implementation, the sending, by the PCF, the identifier of the terminal and a first restricted service policy may specifically include: sending, by the PCF, the identifier of the terminal and the first restricted service policy to an SMF.
- With reference to the first aspect or the foregoing possible implementation, in another possible implementation, the restricted service may include: stopping an uplink data flow; and the sending, by the PCF, the identifier of the terminal and a first restricted service policy may specifically include: sending, by the PCF, the identifier of the terminal and the first restricted service policy to an AMF.
- With reference to the first aspect or the foregoing possible implementation, in another possible implementation, the receiving, by a policy control function PCF, an identifier of a terminal and indication information may specifically include: receiving, by the PCF, the identifier of the terminal and the indication information from an NWDAF, an AF, or the SMF.
- According to a second aspect, an embodiment of this application provides a method for providing a restricted service, where the method may include: receiving, by an SMF, an identifier of a terminal and a first restricted service policy; and when the first restricted service policy is used to stop an uplink data flow of the terminal, sending, by the SMF, a second restricted service policy to the terminal, where the second restricted service policy is used to stop the uplink data flow of the terminal; or when the first restricted service policy is used to stop an uplink data flow of the terminal, sending, by the SMF, an identifier of the terminal and a third restricted service policy to an access network device, where the third restricted service policy is used to stop the uplink data flow of the terminal; or when the first restricted service policy is used to restrict a downlink data flow of the terminal, sending, by the SMF, an identifier of the terminal and a fourth restricted service policy to a user plane function UPF, where the fourth restricted service policy is used to restrict the downlink data flow of the terminal; or when the first restricted service policy is used to stop an uplink data flow of the terminal and restrict a downlink data flow of the terminal, sending, by the SMF, a second restricted service policy to the terminal, or sending an identifier of the terminal and a third restricted service policy to an access network device, and sending the identifier of the terminal and a fourth restricted service policy to the UPF, where the second restricted service policy is used to stop the uplink data flow of the terminal, the third restricted service policy is used to stop the uplink data flow of the terminal, and the fourth restricted service policy is used to restrict the downlink data flow of the terminal. According to the method for providing a restricted service provided in this embodiment of this application, after receiving the identifier of the terminal and the first restricted service policy used to provide a restricted service for the terminal, the SMF sends, according to the first restricted service policy, a restricted service policy corresponding to a communications device to the communications device, so that the communications device can provide the restricted service for the terminal, instead of directly deregistering the terminal when the terminal is abnormal. This effectively reduces security risks and improves management efficiency of the terminal.
- With reference to the second aspect, in a possible implementation, the second restricted service policy may include a quality of service QoS rule, and the QoS rule is used to stop an uplink data flow; or the third restricted service policy may include a QoS configuration file, and the QoS configuration file is used to stop an uplink data flow; or the fourth restricted service policy may include QoS information, and the QoS information is used to restrict a downlink data flow.
- With reference to the second aspect or the foregoing possible implementation, in another possible implementation, the receiving, by a session management function SMF, an identifier of a terminal and a first restricted service policy may specifically include: receiving, by the SMF, the identifier of the terminal and the first restricted service policy from a PCF, a UDM, or an AMF.
- With reference to the second aspect or the foregoing possible implementation, in another possible implementation, before the receiving, by the SMF, the identifier of the terminal and the first restricted service policy from a PCF, the method may further include: receiving, by the SMF, the identifier of the terminal and indication information from the AMF, where the indication information is used to indicate that the terminal is in a state of exception or an exception type of the terminal; and sending, by the SMF, the identifier of the terminal and the indication information to the PCF.
- According to a third aspect, an embodiment of this application provides a method for providing a restricted service, where the method may include: receiving, by an AMF, an identifier of a terminal and a first restricted service policy from a PCF, where the first restricted service policy is used to provide a restricted service for the terminal; and sending, by the AMF, a second restricted service policy to the terminal according to the first restricted service policy, where the second restricted service policy is used to stop an uplink data flow of the terminal; or sending, by the AMF, the identifier of the terminal and a third restricted service policy to an access network device according to the first restricted service policy, where the third restricted service policy is used to stop an uplink data flow of the terminal. According to the method for providing a restricted service provided in this embodiment of this application, after receiving the identifier of the terminal and the first restricted service policy used to provide the restricted service for the terminal, the AMF sends, according to the first restricted service policy, a restricted service policy corresponding to a communications device to the communications device, so that the communications device can provide the restricted service for the terminal, instead of directly deregistering the terminal when the terminal is in a state of exception. This effectively reduces security risks and improves management efficiency of the terminal.
- With reference to the third aspect, in a possible implementation, the second restricted service policy may include indication information, and the indication information is used to instruct to update or modify a threshold value of a URSP of the terminal to a first value, and the first value is used to stop an uplink data flow; or the third restricted service policy may include a quality of service QoS configuration file, and the QoS configuration file is used to stop an uplink data flow.
- According to a fourth aspect, an embodiment of this application provides a method for providing a restricted service, where the method may include: determining, by a first network element, that a terminal is in a state of exception; and sending, by the first network element, an identifier of the terminal and indication information to a PCF, where the indication information is used to indicate that the terminal is in the state of exception or indicate an exception type of the terminal. According to the method for providing a restricted service provided in this embodiment of this application, when determining that the terminal is in the state of exception, the first network element sends the identifier of the terminal and the indication information used to indicate that the terminal is in the state of exception or indicate the exception type of the terminal to the PCF, so that the PCF can send, according to the indication information, the identifier of the terminal and a first restricted service policy used to provide a restricted service for the terminal, to provide the restricted service for the terminal, instead of directly deregistering the terminal when the terminal is abnormal. This effectively reduces security risks and improves management efficiency of the terminal.
- With reference to the fourth aspect, in a possible implementation, the determining, by a first network element, that a terminal is in a state of exception may specifically include: determining, by the first network element based on traffic information of the terminal, that the terminal is in the state of exception, where the traffic information may include uplink traffic information and/or downlink traffic information.
- With reference to the fourth aspect or the foregoing possible implementation, in another possible implementation, the exception type includes any one of the following: abnormal uplink traffic; abnormal downlink traffic; and abnormal uplink traffic and abnormal downlink traffic. In this way, a more accurate restricted service can be provided for the terminal based on the classified exception types.
- With reference to the fourth aspect or the foregoing possible implementation, in another possible implementation, the first network element may be an NWDAF or an AF.
- According to a fifth aspect, an embodiment of this application provides a method for providing a restricted service, where the method may include: receiving, by a UDM, an identifier of a terminal and a first restricted service policy from an AF, where the first restricted service policy is used to provide a restricted service for the terminal; and
sending, by the UDM, the identifier of the terminal and the first restricted service policy to an AMF or an SMF. According to the method for providing a restricted service provided in this embodiment of this application, after receiving the identifier of the terminal and the first restricted service policy used to provide the restricted service for the terminal, the UDM sends the identifier of the terminal and the first restricted service policy to the AMF or the SMF, to provide the restricted service for the terminal, instead of directly deregistering the terminal when the terminal is in a state of exception. This effectively reduces security risks and improves management efficiency of the terminal. - With reference to the fifth aspect, in a possible implementation, the restricted service may include any one of the following: stopping an uplink data flow; restricting a downlink data flow; and stopping an uplink data flow and restricting a downlink data flow. In this way, a more accurate restricted service can be provided for the terminal.
- According to a sixth aspect, an embodiment of this application provides a method for providing a restricted service, where the method may include: determining, by an AF, that a terminal is in a state of exception and a restricted service policy corresponding to an exception, where the restricted service policy corresponding to the exception is used to provide a restricted service for the terminal; and sending, by the AF, the identifier of the terminal and the restricted service policy corresponding to the exception to a UDM. According to the method for providing a restricted service provided in this embodiment of this application, when determining that the terminal is in the state of exception, the AF may determine the restricted service policy corresponding to the exception, and send the identifier of the terminal and the restricted service policy used to provide the restricted service for the terminal, so that a communications device can provide the restricted service for the terminal according to the restricted service policy, instead of directly deregistering the terminal when the terminal is abnormal. This effectively reduces security risks and improves management efficiency of the terminal.
- With reference to the sixth aspect, in a possible implementation, the determining, by an application function AF, that a terminal is in a state of exception may specifically include: determining, by the AF based on the traffic information of the terminal, that the terminal is in a state of exception, where the traffic information may include uplink traffic information and/or downlink traffic information.
- With reference to the sixth aspect or the foregoing possible implementation, in another possible implementation, the restricted service includes any one of the following: stopping an uplink data flow; restricting a downlink data flow; and stopping an uplink data flow and restricting a downlink data flow. In this way, a more accurate restricted service can be provided for the terminal.
- According to a seventh aspect, an embodiment of this application provides a communications device, where the communications device may include: a receiving unit, configured to receive an identifier of a terminal and indication information, where the indication information is used to indicate that the terminal is in a state of exception or indicate an exception type of the terminal; and a sending unit, configured to send the identifier of the terminal and a first restricted service policy according to the indication information received by the receiving unit, where the first restricted service policy is used to provide a restricted service for the terminal.
- With reference to the seventh aspect, in a possible implementation, the restricted service may include any one of the following: stopping an uplink data flow; restricting a downlink data flow; and stopping an uplink data flow and restricting a downlink data flow.
- With reference to the seventh aspect or the foregoing possible implementation, in another possible implementation, the sending unit may be specifically configured to: send the identifier of the terminal and the first restricted service policy to an SMF.
- With reference to the seventh aspect or the foregoing possible implementation, in another possible implementation, the restricted service may include: stopping an uplink data flow; and the sending unit may be specifically configured to send the identifier of the terminal and the first restricted service policy to an AMF.
- With reference to the seventh aspect or the foregoing possible implementation, in another possible implementation, the receiving unit may be specifically configured to receive the identifier of the terminal and the indication information from an NWDAF, an AF, or the SMF.
- According to an eighth aspect, an embodiment of this application provides a communications device, where the communications device may include: a receiving unit, configured to receive an identifier of a terminal and a first restricted service policy; and a sending unit, configured to: when the first restricted service policy received by the receiving unit is used to stop an uplink data flow of the terminal, send a second restricted service policy to the terminal, where the second restricted service policy is used to stop the uplink data flow of the terminal; or when the first restricted service policy received by the receiving unit is used to stop an uplink data flow of the terminal, send an identifier of the terminal and a third restricted service policy to an access network device, where the third restricted service policy is used to stop the uplink data flow of the terminal; or when the first restricted service policy received by the receiving unit is used to restrict a downlink data flow of the terminal, send an identifier of the terminal a fourth restricted service policy to a UPF, where the fourth restricted service policy is used to restrict the downlink data flow of the terminal; or when the first restricted service policy received by the receiving unit is used to stop an uplink data flow of the terminal and restrict a downlink data flow of the terminal, send a second restricted service policy to the terminal, or send an identifier of the terminal and a third restricted service policy to an access network device, and send the identifier of the terminal and a fourth restricted service policy to the UPF, where the second restricted service policy is used to stop the uplink data flow of the terminal, the third restricted service policy is used to stop the uplink data flow of the terminal, and the fourth restricted service policy is used to restrict the downlink data flow of the terminal.
- With reference to the eighth aspect, in a possible implementation, the second restricted service policy may include a quality of service QoS rule, and the QoS rule is used to stop an uplink data flow; or the third restricted service policy may include a QoS configuration file, and the QoS configuration file is used to stop an uplink data flow; or the fourth restricted service policy may include QoS information, and the QoS information is used to restrict a downlink data flow.
- With reference to the eighth aspect or the foregoing possible implementation, in another possible implementation, the receiving unit may be specifically configured to: receive the identifier of the terminal and the first restricted service policy from a PCF, a UDM, or an AMF.
- With reference to the eighth aspect or the foregoing possible implementation, in another possible implementation, the receiving unit may be further configured to receive the identifier of the terminal and indication information from the AMF, where the indication information is used to indicate that the terminal is in a state of exception or an exception type of the terminal; and the sending unit is further configured to send the identifier of the terminal and the indication information to the PCF.
- According to a ninth aspect, an embodiment of this application provides a communications device, where the communications device may include: a receiving unit, configured to receive an identifier of a terminal and a first restricted service policy from a PCF, where the first restricted service policy is used to provide a restricted service for the terminal; and a sending unit, configured to send a second restricted service policy to the terminal according to the first restricted service policy, where the second restricted service policy is used to stop an uplink data flow of the terminal; or send the identifier of the terminal and a third restricted service policy to an access network device according to the first restricted service policy, where the third restricted service policy is used to stop an uplink data flow of the terminal.
- With reference to the ninth aspect, in a possible implementation, the second restricted service policy may include indication information, and the indication information is used to instruct to update or modify a threshold value of a URSP of the terminal to a first value, and the first value is used to stop an uplink data flow; or the third restricted service policy may include a quality of service QoS configuration file, and the QoS configuration file is used to stop an uplink data flow.
- According to a tenth aspect, a communications device is provided, where the communications device may include: a determining unit, configured to determine that a terminal is in a state of exception; and a sending unit, configured to send an identifier of the terminal and indication information to a PCF, where the indication information is used to indicate that the terminal is in the state of exception or indicate an exception type of the terminal.
- With reference to the tenth aspect, in a possible implementation, the determining unit may be specifically configured to determine, based on traffic information of the terminal, that the terminal is in the state of exception, where the traffic information may include uplink traffic information and/or downlink traffic information.
- With reference to the tenth aspect or the foregoing possible implementation, in another possible implementation, the exception type may include any one of the following: abnormal uplink traffic; abnormal downlink traffic; and abnormal uplink traffic and abnormal downlink traffic.
- With reference to the tenth aspect or the foregoing possible implementation, in another possible implementation, the communications device may be an NWDAF or an AF.
- According to an eleventh aspect, a communications device is provided, where the communications device may include: a receiving unit, configured to receive an identifier of a terminal and a first restricted service policy from an AF, where the first restricted service policy is used to provide a restricted service for the terminal; and a sending unit, configured to send the identifier of the terminal and the first restricted service policy to an AMF or an SMF.
- With reference to the eleventh aspect, in a possible implementation, the restricted service may include any one of the following: stopping an uplink data flow; restricting a downlink data flow; and stopping an uplink data flow and restricting a downlink data flow.
- According to a twelfth aspect, a communications device is provided, where the communications device may include: a determining unit, configured to determine that a terminal is in a state of exception and a restricted service policy corresponding to an exception, where the restricted service policy corresponding to the exception is used to provide a restricted service for the terminal; and a sending unit, configured to send to a UDM, the identifier of the terminal and the restricted service policy that is corresponding to the exception and that is determined by the determining unit.
- With reference to the twelfth aspect, in a possible implementation, the determining unit may be specifically configured to determine, based on the traffic information of the terminal, that the terminal is in the state of exception, where the traffic information may include uplink traffic information and/or downlink traffic information.
- With reference to the twelfth aspect or the foregoing possible implementation, in another possible implementation, the restricted service may include any one of the following: stopping an uplink data flow; restricting a downlink data flow; and stopping an uplink data flow and restricting a downlink data flow.
- According to a thirteenth aspect of the embodiments of this application, a communications device is provided, and includes at least one processor and a memory, where the memory is configured to store a computer program, so that when the computer program is executed by the at least one processor, the computer program implements the method for providing a restricted service according to any one of the first aspect or the possible implementations of the first aspect.
- According to a fourteenth aspect, a computer-readable storage medium is provided, configured to store a computer program. The computer program is used to perform the method for providing a restricted service according to any one of the first aspect or the possible implementations of the first aspect.
- According to a fifteenth aspect, a communications device is provided, and includes at least one processor and a memory, where the memory is configured to store a computer program, so that when the computer program is executed by the at least one processor, the computer program implements the method for providing a restricted service according to any one of the second aspect or the possible implementations of the second aspect.
- According to a sixteenth aspect, a computer-readable storage medium is provided, configured to store a computer program. The computer program is used to perform the method for providing a restricted service according to any one of the second aspect or the possible implementations of the second aspect.
- According to a seventeenth aspect, a communications device is provided, and includes at least one processor and a memory, where the memory is configured to store a computer program, so that when the computer program is executed by the at least one processor, the computer program implements the method for providing a restricted service according to any one of the third aspect or the possible implementations of the third aspect.
- According to an eighteenth aspect, a computer-readable storage medium is provided, configured to store a computer program. The computer program is used to perform the method for providing a restricted service according to any one of the third aspect or the possible implementations of the third aspect.
- According to a nineteenth aspect, a communications device is provided, and includes at least one processor and a memory, where the memory is configured to store a computer program, so that when the computer program is executed by the at least one processor, the computer program implements the method for providing a restricted service according to any one of the fourth aspect or the possible implementations of the fourth aspect.
- According to a twentieth aspect, a computer-readable storage medium is provided, configured to store a computer program. The computer program is used to perform the method for providing a restricted service according to any one of the fourth aspect or the possible implementations of the fourth aspect.
- According to a twenty-first aspect, a communications device is provided, and includes at least one processor and a memory, where the memory is configured to store a computer program, so that when the computer program is executed by the at least one processor, the computer program implements the method for providing a restricted service according to any one of the fifth aspect or the possible implementations of the fifth aspect.
- According to a twenty-second aspect, a computer-readable storage medium is provided, configured to store a computer program. The computer program is used to perform the method for providing a restricted service according to any one of the fifth aspect or the possible implementations of the fifth aspect.
- According to a twenty-third aspect, a communications device is provided, and includes at least one processor and a memory, where the memory is configured to store a computer program, so that when the computer program is executed by the at least one processor, the computer program implements the method for providing a restricted service according to any one of the sixth aspect or the possible implementations of the sixth aspect.
- According to a twenty-fourth aspect, a computer-readable storage medium is provided, configured to store a computer program. The computer program is used to perform the method for providing a restricted service according to any one of the sixth aspect or the possible implementations of the sixth aspect.
- According to a twenty-fifth aspect, a chip system is provided, and includes a processor, configured to implement functions in the foregoing aspects, for example, generating or processing data and/or information in the foregoing methods. In a possible design, the chip system further includes a memory. The memory is configured to store a program instruction and data that are necessary for the communications device. The chip system may include a chip, or may include a chip and another discrete device.
- It may be understood that, the communications devices described in the seventh aspect to the thirteenth aspect, the fifteenth aspect, the seventeenth aspect, the nineteenth aspect, the twenty-first aspect, and the twenty-third aspect, the computer-readable storage medium described in the fourteenth aspect, the sixteenth aspect, the eighteenth aspect, the twentieth aspect, the twenty-second aspect, and the twenty-fourth aspect, and the chip system described in the twenty-fifth aspect are all configured to perform the corresponding methods described above. For advantageous effects that can be achieved, refer to advantageous effects in the corresponding methods. Details are not described herein again.
-
-
FIG. 1 is a simplified schematic diagram of a 5G mobile communications system according to an embodiment of this application; -
FIG. 2 is a schematic diagram of a structure of a communications device according to an embodiment of this application; -
FIG. 3 is a schematic flowchart of a method for providing a restricted service according to an embodiment of this application; -
FIG. 4 is a schematic flowchart of a method for providing a restricted service according to another embodiment of this application; -
FIG. 5 is a schematic flowchart of another method for providing a restricted service according to another embodiment of this application; -
FIG. 6 is a schematic flowchart of still another method for providing a restricted service according to another embodiment of this application; -
FIG. 7 is a schematic flowchart of still another method for providing a restricted service according to another embodiment of this application; -
FIG. 8 is a schematic flowchart of still another method for providing a restricted service according to another embodiment of this application; -
FIG. 9 is a schematic flowchart of still another method for providing a restricted service according to another embodiment of this application; -
FIG. 10 is a schematic flowchart of still another method for providing a restricted service according to another embodiment of this application; -
FIG. 11 is a schematic flowchart of still another method for providing a restricted service according to another embodiment of this application; -
FIG. 12 is a schematic flowchart of still another method for providing a restricted service according to another embodiment of this application; -
FIG. 13 is a schematic flowchart of still another method for providing a restricted service according to another embodiment of this application; -
FIG. 14 is a schematic flowchart of still another method for providing a restricted service according to another embodiment of this application; -
FIG. 15 is a schematic flowchart of still another method for providing a restricted service according to another embodiment of this application; -
FIG. 16 is a schematic flowchart of still another method for providing a restricted service according to another embodiment of this application; -
FIG. 17 is a schematic flowchart of still another method for providing a restricted service according to another embodiment of this application; -
FIG. 18 is a schematic flowchart of still another method for providing a restricted service according to another embodiment of this application; -
FIG. 19 is a schematic diagram of composition of a communications device according to an embodiment of this application; -
FIG. 20 is a schematic diagram of composition of another communications device according to an embodiment of this application; -
FIG. 21 is a schematic diagram of composition of still another communications device according to an embodiment of this application; -
FIG. 22 is a schematic diagram of composition of still another communications device according to an embodiment of this application; -
FIG. 23 is a schematic diagram of composition of still another communications device according to an embodiment of this application; and -
FIG. 24 is a schematic diagram of composition of still another communications device according to an embodiment of this application. - The term "and/or" in the embodiments describes only an association relationship for describing associated objects and indicates that three relationships may exist. For example, A and/or B may represent the following three cases: Only A exists, both A and B exist, and only B exists. In addition, the character "/" in the following embodiments generally indicates an "or" relationship between the associated objects.
- The following describes the implementations of the embodiments of this application in detail with reference to accompanying drawings.
- A method for providing a restricted service provided in the embodiments of this application may be applied to any mobile communications system that needs to provide a restricted service for a terminal. For example, the method may be applied to a 5G mobile communications system shown in
FIG. 1 . - As shown in
FIG. 1 , the 5G mobile communication system may include a terminal and an access network device, for example, an access network (access network, AN)/radio access network (radio access network, RAN), a data network (data network, DN), and a plurality of network functions (network function, NF): a network exposure function (network exposure function, NEF), a policy control function (policy control function, PCF), a unified data management (unified data management, UDM), an application function (application function, AF), a network data analytics function (network data analytics function, NWDAF), an access and mobility management function (access and mobility management function, AMF), a session management function (session management function, SMF), and a user plane function (user plane function, UPF). - It may be understood that
FIG. 1 is merely an example diagram of a structure of the 5G mobile communications system. In addition to communications devices shown inFIG. 1 , the 5G mobile communications system may further include other communications devices, such as an authentication server function (authentication server function, AUSF). This is not limited in this embodiment of this application. - In the 5G mobile communications system shown in
FIG. 1 , the communications devices such as the NEF, the PCF, the UDM, the AF, the NWDAF, the AMF, and the SMF may be connected by using a communications bus. Based on the communications bus, the communications devices may establish a connection by invoking a corresponding service-oriented interface, to communicate with each other. For example, the NEF may invoke an Nnef interface to establish a connection to the AF, the UDM, or another communications device connected to the communications bus, to communicate with each other. The PCF may invoke an Npcf interface to establish a connection to the AF, the SMF, the NWDAF, the AMF, or another communications device connected to the communications bus, to communicate with each other. The UDM may invoke an Nudm interface to establish a connection to the SMF or the AMF, or another communications device connected to the communications bus, to communicate with each other. The AF may invoke an Naf interface to establish a connection to the NEF or another communications device connected to the communications bus, to communicate with each other. The NWDAF may invoke an Nnwdaf interface to establish a connection to the PCF or another communications device connected to the communications bus, to communicate with each other. The AMF may invoke an Namf interface to establish a connection to the SMF or another communications device connected to the communications bus, to communicate with each other. The SMF may invoke an Nsmf interface to establish a connection to the PCF or another communications device connected to the communications bus, to communicate with each other. - The communications devices such as the AMF, the SMF, the UPF, the DN, the AN/RAN, and the terminal may establish a connection by using a next-generation network (next generation, NG) interface, to communicate with each other. For example, the terminal may establish a control plane signaling connection to the AMF by using an N interface 1 (N1 for short). The AN/RAN may establish a user plane data connection to the UPF by using an N interface 3 (N3 for short). The AN/RAN may establish a control plane signaling connection to the AMF by using an N interface 2 (N2 for short). The UPF may establish a control plane signaling connection to the SMF by using an N interface 4 (N4 for short). The UPF may exchange user plane data with the DN by using an N interface 6 (N6 for short).
- It should be noted that names of the communications devices and the interfaces between the communications devices in the foregoing structure are merely examples. In a specific implementation, the communications devices and the interfaces between the communications devices may have other names. This is not specifically limited in the embodiments of this application.
- With reference to
FIG. 1 , the communications devices shown inFIG. 1 are described as follows: - The terminal may be a wireless or wired terminal. A wireless terminal may refer to a device that provides a user with voice and/or data connectivity, a handheld device with a wireless connection function, or another processing device connected to a wireless modem. The wireless terminal may communicate with one or more communications devices such as an AMF or an SMF in a core network by using an AN/RAN. The wireless terminal may be a mobile terminal, for example, a mobile phone (or referred to as a "cellular" phone), a smartphone, a satellite wireless device, a wireless modem card, and a computer with a mobile terminal. For example, the computer with a mobile terminal may be a laptop, portable, pocket-sized, handheld, computer built-in, or in-vehicle mobile apparatus that exchanges voice and/or data with a radio access network. For example, the wireless terminal may be a personal communication service (personal communication service, PCS) phone, a cordless telephone set, a session initiation protocol (session initiation protocol, SIP) phone, a wireless local loop (wireless local loop, WLL) station, a personal digital assistant (personal digital assistant, PDA), or another device. The wireless terminal may also be referred to as a system, a subscriber unit (subscriber unit), a subscriber station (subscriber station), a mobile station (mobile station), a mobile console (mobile), a remote station (remote station), an access point (access point), a remote terminal (remote terminal), an access terminal (access terminal), a user terminal (user terminal), user equipment (user equipment, UE), or a user agent (user agent). The terminal may alternatively be a relay (relay).
- The AN/RAN may be a network including a plurality of 5G-ANs/5G-RANs, and is configured to implement functions such as a radio physical layer function, resource scheduling, radio resource management, radio access control, and mobility management. The 5G-AN/5G-RAN may be an access node, a next-generation base station (generation nodeB, gNB), a transmission reception point (transmission receive point, TRP), a transmission point (transmission point, TP), or another access network device.
- The NWDAF may provide a network data analytics service.
- The PCF provides a policy rule and another function to a control plane network element, for example, the NWDAF.
- The NEF may be configured to exchange internal and external information, and the like of a network.
- The UDM provides functions such as managing subscription data of a user and generating authentication information of the user.
- The AF may be an application server that may belong to an operator or a third party.
- The AMF may be a termination point of a control plane (the N2 interface) of a radio access network, a termination point of non-access signaling (NAS, the N1 interface), and has functions such as performing mobility management, lawful interception, and access authorization/authentication on a terminal.
- The SMF has functions such as establishing, modifying, and deleting a session.
- The UPF is an anchor for radio access technology handover, and may be configured to perform functions such as routing and forwarding of user plane data. For example, the UPF is responsible for filtering a data packet, transmitting/forwarding data, performing rate control, generating charging information, and the like for the terminal.
-
FIG. 2 is a schematic diagram of a structure of acommunications device 20 according to an embodiment of this application.FIG. 2 shows a structure of the AN/RAN, the NEF, the PCF, the UDM, the AF, the NWDAF, the AMF, the SMF, the UPF, and the terminal in the 5G mobile communications system shown inFIG. 1 . As shown inFIG. 2 , thecommunications device 20 may include at least oneprocessor 21, amemory 22, acommunications interface 23, and acommunications bus 24. Theprocessor 21, thememory 22, and thecommunications interface 23 may be connected to each other by using thecommunications bus 24. - It should be noted that the device structure shown in
FIG. 2 constitutes no limitation on thecommunications device 20. Thecommunications device 20 may include more or fewer components than those shown in the figure, or combine some components, or have different component arrangements. This is not limited in the embodiments of this application. The following specifically describes each constituent component of thecommunications device 20 with reference toFIG. 2 . - The
processor 21 is a control center of the communications device, and may be one processor or may be a collective name of a plurality of processing components. For example, theprocessor 21 may be a central processing unit (central processing unit, CPU), or an application-specific integrated circuit (application specific integrated circuit, ASIC), or may be configured as one or more integrated circuits implementing the embodiments of this application, for example, one or more digital signal processors (digital signal processor, DSP), or one or more field programmable gate arrays (field programmable gate array, FPGA). Theprocessor 21 may run or execute a software program stored in thememory 22, and invoke data stored in thememory 22, to perform various functions of thecommunications device 20. - In a possible implementation, the
processor 21 may include one or more CPUs, for example, a CPU 0 and a CPU 1 inFIG. 2 . In another possible implementation, thecommunications device 20 may include a plurality of processors, for example, theprocessor 21 and aprocessor 25 shown inFIG. 2 . Each of these processors may be a single-core processor (single-CPU), or may be a multi-core processor (multi-CPU). The processor herein may be one or more devices, circuits, and/or processing cores configured to process data (for example, a computer program instruction). - The
memory 22 may be a read-only memory (read-only memory, ROM), another type of static storage device that can store static information and an instruction, a random access memory (random access memory, RAM), or another type of dynamic storage device that can store information and an instruction, or may be an electrically erasable programmable read-only memory (electrically erasable programmable read-only memory, EEPROM), a compact disc read-only memory (compact disc read-only memory, CD-ROM), another optical disc storage, an optical disc storage (including a compact disc, a laser disc, an optical disc, a digital versatile disc, a Blu-ray disc, and the like), a disk storage medium, another magnetic storage device, or any other medium that can be used to carry or store expected program code in a form of an instruction or a data structure and that can be accessed by a computer. However, this is not limited thereto. Thememory 22 may exist independently, and is connected to theprocessor 21 by using thecommunications bus 24. Alternatively, thememory 22 may be integrated with theprocessor 21. Thememory 22 is configured to store a software program that performs the solution provided by the embodiments of this application, and theprocessor 21 controls execution of the software program. - The
communications interface 23 is configured to communicate with another device or a communications network, for example, an Ethernet, a RAN, or a wireless local area network (wireless local area networks, WLAN). The communications interface23 may be implemented by using any apparatus such as a transceiver. - The
communications bus 24 may be an industry standard architecture (industry standard architecture, ISA) bus, a peripheral component interconnect (peripheral component interconnect, PCI) bus, an extended industry standard architecture (extended industry standard architecture, EISA) bus, or the like. The bus may be classified into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is used to represent the bus inFIG. 2 , but this does not mean that there is only one bus or only one type of bus. - The method for providing a restricted service provided in the embodiments of this application may be applied to the 5G mobile communications system shown in
FIG. 1 . Detailed descriptions are provided below with reference to the 5G mobile communications system shown inFIG. 1 . -
FIG. 3 is a schematic flowchart of a method for providing a restricted service according to an embodiment of this application. The method may include the following steps. - Step 301: A first network element determines that a terminal is in a state of exception.
- The first network element may be the NWDAF or the AF in the 5G mobile communications system shown in
FIG. 1 . - Step 301 may also be referred to as that: A first network element determines, based on traffic information of a terminal, that the terminal is in the state of exception.
- It may be understood that the traffic information of the terminal may be classified into uplink traffic information and downlink traffic information based on different flow directions. In this embodiment of this application, the uplink traffic information may be traffic information corresponding to a data packet sent by the terminal to a network-side device (for example, an AN or a RAN). The downlink traffic information may be traffic information corresponding to a data packet sent by the network-side device to the terminal. The uplink traffic information may include at least one of the following: an uplink flow rate, an uplink flow interval, and an uplink flow size. The downlink traffic information may include at least one of the following: a downlink flow rate, a downlink flow interval, and a downlink flow size. The uplink flow rate may refer to a size of a data packet sent by the terminal to the network-side device within a unit time. The uplink flow interval may refer to an interval between data packets sent by the terminal to the network-side device. The uplink flow size refers to a size of each data packet sent by the terminal to the network-side device. The downlink flow rate may refer to a size of a data packet sent by the network-side device to the terminal within a unit time. The downlink flow interval may refer to an interval between data packets sent by the network-side device to the terminal. The downlink flow size refers to a size of each data packet sent by the network-side device to the terminal.
- For example, in a possible implementation, that the first network element determines, based on traffic information of a terminal (the traffic information may include the uplink traffic information and/or the downlink traffic information), that the terminal is in the state of exception may include: The first network element may determine, based on whether the traffic information of the terminal meets a specific condition, whether the terminal is in the state of exception. If the uplink traffic information and/or the downlink traffic information of the terminal do/does not meet the specific condition, the first network element may determine that the terminal is in the state of exception. If both the uplink traffic information and the downlink traffic information of the terminal meet the specific condition, the first network element may determine that the terminal is not in the state of exception or is normal. The specific condition may be set based on historical traffic information of a large quantity of terminals and an exception result corresponding to the historical traffic information. The exception result may include that the terminal is in the state of exception and the terminal is not in the state of exception (or is normal). It should be noted that, in the embodiments of this application, "the terminal is in a state of exception" may also be referred to as "terminal traffic is abnormal." For example, if the traffic information of the terminal includes a flow rate (for example, an uplink flow rate and/or a downlink flow rate), when the flow rate of the terminal is greater than 2 Mbit/s (M/s), the first network element may determine that the terminal is in the state of exception. For another example, if the traffic information of the terminal includes a flow rate (for example, an uplink flow rate and/or a downlink flow rate) and a flow interval (for example, an uplink flow interval and/or a downlink flow interval), when the flow rate of the terminal is greater than 2 2 Mbit/s, and the flow interval is greater than a preset value, the first network element may determine that the terminal is in the state of exception.
- For example, in another possible implementation, that the traffic information of the terminal does not meet the specific condition may include the following three cases: 1. The uplink traffic information of the terminal does not meet the specific condition. 2. The downlink traffic information of the terminal does not meet the specific condition. 3. Neither the uplink traffic information nor the downlink traffic information of the terminal meets the specific condition. Correspondingly, that the first network element determines, based on traffic information of a terminal (the traffic information may include the uplink traffic information and/or the downlink traffic information), that the terminal is in the state of exception may include: When determining that the terminal is in the state of exception, the first network element may further determine an exception type of the terminal based on the traffic information of the terminal. The exception type may include any one of the following: abnormal uplink traffic; abnormal downlink traffic; and abnormal uplink traffic and abnormal downlink traffic. When determining that the uplink traffic information of the terminal does not meet the specific condition, the first network element may determine that the exception type of the terminal is in the state of exception uplink traffic. For example, when determining that the uplink flow rate of the terminal is greater than 2 Mbit/s, the first network element may determine that the exception type of the terminal is in the state of exception uplink traffic. Alternatively, when determining that the downlink traffic information of the terminal does not meet the specific condition, the first network element may determine that the exception type of the terminal is in the state of exception downlink traffic. For example, when determining that the downlink flow rate of the terminal is greater than 2 Mbit/s, the first network element may determine that the exception type of the terminal is in the state of exception downlink traffic. Alternatively, when determining that neither the uplink traffic information nor the downlink traffic information of the terminal meets the specific condition, the first network element determines that the exception type of the terminal is in the state of exception uplink traffic and abnormal downlink traffic. For example, when determining that the uplink flow rate and the downlink flow rate of the terminal are greater than 2 Mbit/s, the first network element may determine that the exception type of the terminal is in the state of exception uplink traffic and abnormal downlink traffic.
- In a possible implementation, the traffic information of the terminal may be reported to the first network element by a communications device, such as an AMF. For example, the AMF reports the traffic information of the terminal to the first network element. The AMF may monitor uplink traffic of the terminal and determine whether the uplink traffic of the terminal exceeds a threshold. When the uplink traffic of the terminal exceeds the threshold, the AMF may report the uplink traffic information of the terminal to the first network element. Alternatively, the AMF may monitor downlink traffic of the terminal and determine whether the downlink traffic of the terminal exceeds a threshold. When the downlink traffic of the terminal exceeds the threshold, the AMF may report the downlink traffic information of the terminal to the first network element. Alternatively, the AMF may monitor both the uplink traffic and the downlink traffic of the terminal. When both the uplink traffic information and the downlink traffic information of the terminal exceed the threshold, the AMF may report the uplink traffic information and the downlink traffic information of the terminal to the first network element. The AMF may periodically monitor traffic of the terminal (for example, the uplink traffic and/or the downlink traffic), or may monitor the traffic of the terminal according to a monitoring event delivered by the first network element. The monitoring event may be used to instruct to monitor the traffic of the terminal.
- Step 302: The first network element sends an identifier of the terminal and indication information to a PCF.
- The indication information may be used to indicate that the terminal is in the state of exception or indicate the exception type of the terminal. In addition, the identifier of the terminal is used to identify the terminal. For example, the identifier may be an internet protocol (internet protocol, IP) address, a mobile subscriber international ISDN (mobile subscriber international ISDN, MSISDN) number, or the like.
- In the embodiments of this application, "the indication information is used to indicate that the terminal is in the state of exception' may also be referred to as "the indication information is used to indicate that the traffic of the terminal is abnormal"; "the indication information is used to indicate the exception type of the terminal" may also be referred to as "the indication information is used to indicate a traffic exception type of the terminal."
- If the indication information is used to indicate that the terminal is in the state of exception, in a possible implementation, the indication information may include one bit. For example, when the indication information is "0", the indication information is used to indicate that the terminal is in the state of exception. When the indication information is "1", the indication information is used to indicate that the terminal is not in the state of exception or is normal.
- If the indication information is used to indicate the exception type of the terminal, in a possible implementation, the indication information may include two bits. For example, when the indication information is "00", the indication information is used to indicate that the exception type of the terminal is in the state of exception uplink traffic. When the indication information is "01", the indication information is used to indicate that the exception type of the terminal is in the state of exception downlink traffic. When the indication information is "10", the indication information is used to indicate that the exception type of the terminal is in the state of exception uplink traffic and abnormal downlink traffic.
- In a possible implementation, in
step 302, the first network element may directly send the identifier of the terminal and the indication information to the PCF (as shown inFIG. 3 ). For details, refer to any embodiment shown inFIG. 4 to FIG. 6 . This is not limited herein. - In another possible implementation, in
step 302, the first network element may alternatively send the identifier of the terminal and the indication information (not shown inFIG. 3 ) to the PCF by using a communications device such as an NEF, the AMF, or an SMF. For details, refer to any embodiment shown inFIG. 7 to FIG. 9 . This is not limited herein. - Step 303: The PCF receives the identifier of the terminal and the indication information.
- In a possible implementation, in
step 303, the PCF may receive the identifier of the terminal and the indication information from the first network element such as an NWDAF or an AF. For details, refer to any embodiment shown inFIG. 4 to FIG. 6 . This is not limited herein. - In another possible implementation, in the
step 303, the PCF may alternatively receive the identifier of the terminal and the indication information from the SMF. The SMF may receive the identifier of the terminal and the indication information from the first network element. For details, refer to any embodiment shown inFIG. 7 to FIG. 9 . This is not limited herein. - Step 304: The PCF sends the identifier of the terminal and a first restricted service policy (restricted service policy) according to the indication information.
- After receiving the identifier of the terminal and the indication information, the PCF may send the identifier of the terminal and the first restricted service policy to the SMF or the AMF. In
FIG. 3 , thestep 304 to step 306 are described by using an example in which the PCF sends the identifier of the terminal and the first restricted service policy to the SMF. This is not limited herein. - The first restricted service policy may be used to provide a restricted service for the terminal. The restricted service may include any one of the following: stopping an uplink data flow; restricting a downlink data flow; and stopping an uplink data flow and restricting a downlink data flow. The first restricted service policy may be stopping an uplink data flow of the terminal, or may be restricting a downlink data flow of the terminal, or may be stopping an uplink data flow and restricting a downlink data flow of the terminal.
- "Stopping an uplink data flow" may also be referred to as "stopping an uplink data flow of the terminal on a terminal side/RAN side (stop the UL data flow of the Terminal in the Terminal/RAN side)."
- "Restricting a downlink data flow" may also be referred to as "restricting a downlink data flow of the terminal, and allowing a downlink data flow only of <a port with a certain IP> to be sent to the terminal (restrict the DL data flow for the Terminal, only allow DL data flow from <some port, some ip>)"; or "allowing a downlink data flow only of <a port with a certain IP> to be sent to the terminal." "Restricting a downlink data flow of the terminal, and allowing a downlink data flow only of <a port with a certain IP> to be sent to the terminal" refers to restricting the downlink data flow of the terminal by allowing a downlink data flow only of <a port with a certain IP> to be sent to the terminal.
- Specifically, in the
step 304, the PCF may determine the first restricted service policy according to the indication information, and send the identifier of the terminal and the first restricted service policy to the SMF. - For example, in a scenario in which the indication information is used to indicate that the terminal is in the state of exception, the PCF may store a restricted service policy corresponding to an exception of the terminal, namely, the first restricted service policy. The first restricted service policy may be stopping an uplink data flow of the terminal, or may be restricting a downlink data flow of the terminal, or may be stopping an uplink data flow and restricting a downlink data flow of the terminal. The first restricted service policy stored on the PCF may be predefined, or may be preconfigured on the PCF, or may be delivered by another communications device to the PCF. This is not specifically limited in this embodiment of this application. Alternatively, the PCF may store a correspondence between an exception and a restricted service policy, and the PCF determines, based on the correspondence between an exception and a restricted service policy, the restricted service policy corresponding to the exception of the terminal as the first restricted service policy.
- For example, in a scenario in which the indication information is used to indicate the exception type of the terminal, with reference to the example in the
step 302, the PCF may store a mapping relationship between an exception type and a restricted service policy. As shown in Table 1, the PCF determines, based on the mapping relationship, a restricted service policy corresponding to the exception type as the first restricted service policy.Table 1 Abnormality type Restricted service policy Abnormal uplink traffic Stopping an uplink data flow of the terminal Abnormal downlink traffic Restricting a downlink data flow of the terminal Abnormal uplink traffic and abnormal downlink traffic Stopping an uplink data flow and restricting a downlink data flow of the terminal - With reference to Table 1, when the indication information is "00", the indication information is used to indicate that the exception type of the terminal is in the state of exception uplink traffic, and the PCF may determine, based on Table 1, that the first restricted service policy is stopping an uplink data flow of the terminal. When the indication information is "01", the indication information is used to indicate that the exception type of the terminal is in the state of exception downlink traffic, and the PCF may determine, based on Table 1, that the first restricted service policy is restricting a downlink data flow of the terminal. When the indication information is "10", the indication information is used to indicate that the exception type of the terminal is in the state of exception uplink traffic and abnormal downlink traffic, and the PCF may determine, based on Table 1, that the first restricted service policy is stopping an uplink data flow and restricting a downlink data flow of the terminal.
- It should be noted that terminals in the state of exception may correspond to a same or different restricted service policies in this embodiment of this application. For example, in the scenario in which the indication information is used to indicate that the terminal is in the state of exception, a restricted service policy corresponding to terminal 1 in the state of exception may be a restricted service policy 1, and a restricted service policy corresponding to terminal 2 in the state of exception may be a restricted service policy 2. In a scenario in which the indication information is used to indicate the exception type of the terminal, restricted service policies corresponding to different exception types of the terminal 1 in the state of exception may be the restricted service policy 1, the restricted service policy 2, and a restricted service policy 3, and restricted service policies corresponding to different exception types of the terminal 2 in the state of exception may be a restricted service policy 1', a restricted service policy 2', and a restricted service policy 3'.
- Step 305: An SMF receives the identifier of the terminal and the first restricted service policy.
- Step 306: The SMF sends, according to the received first restricted service policy, a restricted service policy corresponding to a communications device to the communications device.
- The restricted service policy corresponding to the communications device is sent to the communications device in the
step 306, so that the communications device provides the restricted service for the terminal according to the received restricted service policy. - The communications device may be a terminal, an access network device, or a UPF. Alternatively, the communications device may be a terminal and a UPF, or may be an access network device and a UPF. This is not limited herein.
- For example, when the first restricted service policy is used to stop an uplink data flow of the terminal, in the
step 306, the SMF may send a second restricted service policy to the terminal according to the first restricted service policy, so that the terminal performs a related operation according to the second restricted service policy, for example, stops the uplink data flow of the terminal. For details, refer to the embodiment shown inFIG. 4 orFIG. 7 . This is not limited herein. - Alternatively, when the first restricted service policy is used to stop an uplink data flow of the terminal, in the
step 306, the SMF may send the identifier of the terminal and a third restricted service policy to an access network device according to the first restricted service policy, so that the access network device provides the restricted service for the terminal based on the identifier of the terminal and the third restricted service policy, for example, stops the uplink data flow of the terminal. For details, refer to the embodiment shown inFIG. 5 orFIG. 8 . This is not limited herein. - For example, when the first restricted service policy is used to restrict a downlink data flow of the terminal, in the
step 306, the SMF may send the identifier of the terminal and a fourth restricted service policy to the UPF according to the first restricted service policy, so that the UPF provides the restricted service for the terminal based on the identifier of the terminal and the fourth restricted service policy, for example, restricts the downlink data flow of the terminal. For details, refer to the embodiment shown inFIG. 6 orFIG. 9 . This is not limited herein. - For example, when the first restricted service policy is used to stop an uplink data flow and restrict a downlink data flow of the terminal, in the
step 306, the SMF may send the second restricted service policy to the terminal according to the first restricted service policy, so that the terminal performs a related operation according to the second restricted service policy, for example, stops then uplink data flow of the terminal, and sends the identifier of the terminal and the fourth restricted service policy to the UPF, so that the UPF provides the restricted service for the terminal based on the identifier of the terminal and the fourth restricted service policy, for example, restricts the downlink data flow of the terminal. - Alternatively, when the first restricted service policy is used to stop an uplink data flow and restrict a downlink data flow of the terminal, in the
step 306, the SMF may send the identifier of the terminal and the third restricted service policy to the access network device according to the first restricted service policy, so that the access network device provides the restricted service for the terminal based on the identifier of the terminal and the third restricted service policy, for example, stops the uplink data flow of the terminal, and sends the identifier of the terminal and the fourth restricted service policy to the UPF, so that the UPF provides the restricted service for the terminal based on the identifier of the terminal and the fourth restricted service policy, for example, restricts the downlink data flow of the terminal. - It should be noted that the second restricted service policy, the third restricted service policy, and the fourth restricted service policy may be the same as or different from the first restricted service policy. For example, after receiving the identifier of the terminal and the first restricted service policy, the SMF may perform the
step 306 without processing the first restricted service policy, but directly send the first restricted service policy to the communications device, so that the communications device provides the restricted service for the terminal according to the first restricted service policy. For another example, in thestep 306, the SMF may use policy information that is in the first restricted service policy and that is used by the terminal to stop the uplink data flow as the second restricted policy and send the second restricted policy to the terminal. In this case, the first restricted service policy is different from the second restricted service policy. Alternatively, the SMF may use policy information that is in the first restricted service policy and that is used by the access network device to stop the uplink data flow of the terminal as the third restricted policy and send the third restricted policy to the access network device. - Alternatively, when the first restricted service policy is used to stop an uplink data flow of the terminal, the
step 304 may alternatively be as follows: The PCF sends the identifier of the terminal and the first restricted service policy to the AMF according to the indication information. Thestep 305 may alternatively be as follows: The AMF receives the identifier of the terminal and the first restricted service policy. Thestep 306 may alternatively be as follows: The AMF sends the restricted service policy corresponding to the communications device to the communications device according to the received first restricted service policy. The restricted service policy corresponding to the communications device is sent to the communications device in thealternative step 306, so that the communications device provides the restricted service for the terminal according to the received restricted service policy. A specific implementation process in which the AMF sends, according to the received first restricted service policy, the restricted service policy corresponding to the communications device to the communications device is similar to that of the SMF in thestep 306. Details are not described herein again. - For example, in the
alternative step 306, the AMF may send the second restricted service policy to the terminal according to the received first restricted service policy, so that the terminal performs a related operation according to the second restricted service policy, for example, stops the uplink data flow of the terminal. For details, refer to the embodiment shown inFIG. 10 . This is not limited herein. Alternatively, in thealternative step 306, the AMF may send the identifier of the terminal and the third restricted service policy to the access network device according to the received first restricted service policy, so that the access network device provides the restricted service for the terminal based on the identifier of the terminal and the third restricted service policy, for example, stops the uplink data flow of the terminal. For details, refer to the embodiment shown inFIG. 11 . This is not limited herein. - The second restricted service policy is used to stop an uplink data flow of the terminal. The third restricted service policy is used to stop an uplink data flow of the terminal. The fourth restricted service policy is used to restrict a downlink data flow of the terminal.
- According to the method for providing a restricted service provided in this embodiment of this application, after receiving the identifier of the terminal and the indication information used to indicate that the terminal is in the state of exception or indicate the exception type of the terminal, the PCF sends, according to the indication information, the identifier of the terminal and the first restricted service policy used to provide the restricted service for the terminal, to provide the restricted service for the terminal, instead of directly deregistering the terminal when the terminal is abnormal. This effectively reduces security risks and improves management efficiency of the terminal.
- The following describes the method shown in
FIG. 3 with reference to the 5G mobile communications system shown inFIG. 1 . -
FIG. 4 to FIG. 6 are schematic flowcharts of a method for providing a restricted service according to another embodiment of this application. In the method provided in the embodiment shown inFIG. 4 to FIG. 6 , that a first network element is the NWDAF inFIG. 1 is used as an example. It should be noted that, when the first network element is the AF inFIG. 1 , for an execution process of the first network element, refer to the method provided in the embodiment shown inFIG. 4 to FIG. 6 . Details are not described herein again. The method may include the following steps. - Step 401: The NWDAF determines that a terminal is in a state of exception.
- For a specific implementation of determining, by the NWDAF, that the terminal is in the state of exception, refer to related descriptions of the
step 301 in the embodiment shown inFIG. 3 . Details are not described herein again. - Step 402: The NWDAF sends an identifier of the terminal and indication information to a PCF of the terminal.
- The indication information is used to indicate that the terminal is in the state of exception or indicate an exception type of the terminal. For specific descriptions of the indication information, refer to related descriptions of the
step 302 in the embodiment shown inFIG. 3 . Details are not described herein again. - In a possible implementation, in the
step 402, the NWDAF may invoke an Nnwdaf_EventsSubscription_Notify service to send the identifier of the terminal and the indication information to the PCF. The PCF of the terminal is a PCF that provides a service for the terminal, and may be one or more PCFs. This is not limited herein. A context of the terminal that is stored on the NWDAF includes an address of the PCF that provides the service for the terminal. Further, after receiving the identifier of the terminal and the indication information from the NWDAF, the PCF may send a service response message to the NWDAF. The service response message is used to acknowledge reception of the identifier of the terminal and the indication information that are sent by the NWDAF. - Step 403: The PCF determines a first restricted service policy according to the indication information.
- For a specific implementation of determining, by the PCF, the first restricted service policy according to the indication information, refer to related descriptions of the
step 304 in the embodiment shown inFIG. 3 . Details are not described herein again. - It may be understood that the first restricted service policy may be used to stop an uplink data flow of the terminal, or used to restrict a downlink data flow of the terminal, or used to stop an uplink data flow and restrict a downlink data flow of the terminal.
- Step 404: The PCF sends the identifier of the terminal and the first restricted service policy to an SMF.
- In a possible implementation, in the
step 404, the PCF may invoke an Npcf_SMPolicyControl_UpdateNotify service to send the identifier of the terminal and the first restricted service policy to the SMF. Further, after receiving the identifier of the terminal and the first restricted service policy from the PCF, the SMF may send a service response message to the PC. The service response message is used to acknowledge reception of the identifier of the terminal and the first restricted service policy that are sent by the PCF. - Optionally, the method further includes: after receiving the identifier of the terminal and the first restricted service policy, the SMF sends, to a communications device according to the received first restricted service policy, a restricted service policy corresponding to the communications device, so that the communications device can provide the restricted service for the terminal according to the received restricted service policy.
- For example, as shown in
FIG. 4 , when the first restricted service policy is used to stop an uplink data flow of the terminal, the method may include the followingstep 405a andstep 406a. Alternatively, as shown inFIG. 5 , when the first restricted service policy is used to stop an uplink data flow of the terminal, the method may include the followingstep 405b andstep 406b. - For example, as shown in
FIG. 6 , when the first restricted service policy is used to restrict a downlink data flow of the terminal, the method may include the followingstep 405c andstep 406c. - For example, when the first restricted service policy is used to stop an uplink data flow and restrict a downlink data flow of the terminal, the method may include the following
step 405a,step 405c, andstep 406c, or the method may include the followingstep 405b,step 406b,step 405c, andstep 406c. - The following describes the
step 405a and thestep 406a. -
Step 405a: The SMF sends a second restricted service policy to the terminal. - The second restricted service policy is used to stop an uplink data flow of the terminal.
- In a possible implementation, the second restricted service policy may include a quality of service (quality of service, QoS) rule (QoS rule). The QoS rule is used to stop an uplink data flow. For example, the QoS rule includes the indication information. The indication information is used to instruct the terminal to set a filter that is of the terminal and that is used to transmit an uplink data packet to invalid.
- In a possible implementation, the second restricted service policy in the
step 405a may be sent by the SMF to the terminal by using an AMF and an access network device (for example, an AN/RAN). A message about the second restricted service policy sent by the SMF may be a session management non-access stratum message (SM NAS message). If the SMF sends the second restricted service policy to the terminal by using the AMF and the access network device, the SM NAS message may further carry the identifier of the terminal. The identifier is used by the AMF and the access network device to address the terminal. -
Step 406a: The terminal stops transmission of an uplink data flow according to the second restricted service policy. - The terminal may enter a restricted service state according to the second restricted service policy, in other words, stop transmission of the uplink data flow. In a possible implementation, the terminal may set, according to the indication information in the received QoS rule, the filter that is of the terminal and that is used to transmit the uplink data packet to invalid, to stop transmission of the uplink data flow.
- Further, after receiving the second restricted service policy from the SMF, the terminal may further send an acknowledgment message to the SMF. The acknowledgment message is used to acknowledge reception of the second restricted service policy sent by the SMF. For example, the terminal sends an SM NAS acknowledgment (acknowledge, ack) message to the SMF by using the RAN and the AMF.
- The following describes the
step 405b and thestep 406b. -
Step 405b: The SMF sends the identifier of the terminal and a third restricted service policy to an access network device. - The third restricted service policy is used to stop an uplink data flow of the terminal.
- In a possible implementation, the third restricted service policy may include a QoS configuration file (QoS profile). The QoS configuration file is used to stop an uplink data flow. For example, the QoS configuration file includes the indication information. The indication information is used to instruct the access network device to stop scheduling of an uplink data radio bearer (data radio bearer, DRB) resource for the terminal.
- In a possible implementation, the identifier of the terminal and the third restricted service policy in the
step 405b may be sent by the SMF to the access network device by using the AMF. A message about the identifier of the terminal and the third restricted service policy that are sent by the SMF may be an SM NAS message. -
Step 406b: The access network device stops an uplink data flow of the terminal based on the identifier of the terminal and the third restricted service policy. - In a possible implementation, the access network device may determine, based on the identifier of the terminal and the third restricted service policy, to stop scheduling of the uplink DRB resource for the terminal, to stop the uplink data flow of the terminal.
- Further, after receiving the identifier of the terminal and the third restricted service policy from the SMF, the access network device may further send an acknowledgment message to the SMF. The acknowledgment message may be used to acknowledge reception of the identifier of the terminal and the third restricted service policy that are sent by the SMF. For example, the access network device sends an SM NAS ack message to the SMF by using the AMF.
- The following describes the
step 405c and thestep 406c. -
Step 405c: The SMF sends the identifier of the terminal and a fourth restricted service policy to a UPF. - The fourth restricted service policy is used to restrict a downlink data flow of the terminal. In a possible implementation, the fourth restricted service policy may include QoS information (QoS information). The QoS information is used to restrict a downlink data flow. For example, the QoS information includes the indication information. The indication information is used to instruct the UPF to send a downlink data flow only of <a port with a certain IP> to the terminal.
- In a possible implementation, the SMF may add the identifier of the terminal and the fourth restricted service policy in the
step 405c to a session modification request (session modification request) message and send the message to the UPF. Further, after receiving the identifier of the terminal and the fourth restricted service policy from the SMF, the UPF may send a response message to the SMF. For example, the response message may be a session modification response (session modification response) message. -
Step 406c: The UPF restricts a downlink data flow of the terminal based on the identifier of the terminal and the fourth restricted service policy. - In a possible implementation, the UPF may determine, based on the identifier of the terminal and the fourth restricted service policy, to send only a downlink data flow only of <a port with a certain IP> to the terminal, to restrict the downlink data flow of the terminal. For example, <the port with a certain IP> may be an IP address and a port of a maintenance server. In this way, when the terminal is in the state of exception, the maintenance server may deliver data related to a patch or software upgrade to the terminal. This improves management efficiency of the terminal.
- According to the method provided in the embodiment shown in
FIG. 4 to FIG. 6 , when determining that the terminal is in a state of exception, the first network element sends the identifier of the terminal and the indication information used to indicate that the terminal is in the state of exception or indicate the exception type of the terminal to the PCF, so that the PCF determines, according to the indication information, the first restricted service policy used to provide the restricted service for the terminal, and sends the identifier of the terminal and the first restricted service policy to the SMF, the SMF sends, according to the first restricted service policy, the restricted service policy corresponding to the communications device to the communications device, and the communications device provides the restricted service for the terminal. For example, when the first restricted service policy is used to stop an uplink data flow, the SMF may send the second restricted service policy to the terminal, so that the terminal may stop transmission of the uplink data flow according to the second restricted service policy. Alternatively, when the first restricted service policy is used to stop an uplink data flow, the SMF may send the identifier of the terminal and the third restricted service policy to the access network device, so that the access network device may stop, according to the third restricted service policy, scheduling of the uplink DRB resource for the terminal, to stop the uplink data flow of the terminal. Alternatively, when the first restricted service policy is used to restrict a downlink data flow, the SMF may send the identifier of the terminal and the fourth restricted service policy to the UPF, so that the UPF may determine, according to the fourth restricted service policy, to send only the downlink data flow only of <a port with a certain IP> to the terminal, to restrict the downlink data flow of the terminal. In addition, <the port with a certain IP> may be the IP address and the port of the maintenance server, and the maintenance server may deliver the data related to a patch or software upgrade to the terminal, instead of directly deregistering the terminal when the terminal is abnormal. This effectively reduces security risks and improves management efficiency of the terminal. -
FIG. 7 to FIG. 9 are schematic flowcharts of a method for providing a restricted service according to another embodiment of this application. In the method provided in the embodiment shown inFIG. 7 to FIG. 9 , that a first network element is the NWDAF inFIG. 1 is used as an example. It should be noted that, when the first network element is the AF inFIG. 1 , for an execution process of the first network element, refer to the method provided in the embodiment shown inFIG. 7 to FIG. 9 . Details are not described herein again. The method may include the following steps. - Step 501: The NWDAF determines that a terminal is in a state of exception.
- For a specific implementation of determining, by the NWDAF, that the terminal is in the state of exception, refer to related descriptions of the
step 301 in the embodiment shown inFIG. 3 . Details are not described herein again. - Step 502: The NWDAF sends an identifier of the terminal and indication information to a PCF of the terminal.
- For specific descriptions of the step 502, refer to related descriptions of the
step 402 in the embodiment shown inFIG. 4 to FIG. 6 . Details are not described herein again. - Step 503: The PCF sends the identifier of the terminal and the indication information to an AMF.
- In a possible implementation, in the
step 503, the PCF may invoke an Npcf_AMPolicyControl_UpdateNotify service to send the identifier of the terminal and the indication information to the AMF. Further, after receiving the identifier of the terminal and the indication information from the PCF, the AMF may send a service response message to the PCF. The service response message is used to acknowledge reception of the identifier of the terminal and the indication information that are sent by the PCF. - Step 504: The AMF sends the identifier of the terminal and the indication information to an SMF of the terminal.
- The SMF of the terminal is an SMF that provides a service for the terminal, and may be one or more SMFs. This is not limited herein.
- In a possible implementation, in the
step 504, the AMF may invoke an Namf_EventExposure_Notify service to send the identifier of the terminal and the indication information to the SMF of the terminal. Further, after receiving the identifier of the terminal and the indication information from the AMF, the SMF of the terminal may send a service response message to the AMF. The service response message is used to acknowledge reception of the identifier of the terminal and the indication information that are sent by the AMF. - To simplify the accompanying drawings,
FIG. 7 to FIG. 9 show that the AMF sends the identifier of the terminal and the indication information to only one SMF of the terminal. In addition, for ease of description, the following steps are also described by using a procedure as an example in which one SMF of the terminal receives the identifier of the terminal and the indication information that are sent by the AMF. A procedure in which another SMF of the terminal receives the identifier of the terminal and the indication information that are sent by the AMF is the same as the following procedure. Details are not described herein again. - Step 505: The SMF sends the identifier of the terminal and the indication information to the PCF corresponding to the SMF.
- In the
step 505, the SMF may invoke an Npcf_SMPolicyControl_Update service to send the identifier of the terminal and the indication information to the PCF corresponding to the SMF. In a possible implementation, a context of the terminal that is stored by the SMF includes an address of the PCF corresponding to the SMF. - Step 506: The PCF determines a first restricted service policy according to the indication information.
- For a specific implementation of determining, by the PCF, the first restricted service policy according to the indication information, refer to related descriptions of the
step 304 in the embodiment shown inFIG. 3 . Details are not described herein again. - It may be understood that the first restricted service policy may be used to stop an uplink data flow of the terminal, or used to restrict a downlink data flow of the terminal, or used to stop an uplink data flow and restrict a downlink data flow of the terminal.
- Step 507: The PCF sends the identifier of the terminal and the first restricted service policy to the SMF.
- In a possible implementation, if the SMF invokes the Npcf_SMPolicyControl_Update service to send the identifier of the terminal and the indication information to the PCF, correspondingly in the
step 507, the PCF may add the identifier of the terminal and the first restricted service policy to a service response message sent to the SMF. - Optionally, the method further includes: after receiving the identifier of the terminal and the first restricted service policy, the SMF may send, according to the received first restricted service policy, the restricted service policy corresponding to a communications device to the communications device, so that the communications device provides a restricted service for the terminal according to the received restricted service policy.
- For example, as shown in
FIG. 7 , when the first restricted service policy is used to stop an uplink data flow of the terminal, the method may include the followingstep 508a andstep 509a. Alternatively, as shown inFIG. 8 , when the first restricted service policy is used to stop an uplink data flow of the terminal, the method may include the followingstep 508b andstep 509b. - For example, as shown in
FIG. 9 , when the first restricted service policy is used to restrict a downlink data flow of the terminal, the method may include the followingstep 508c andstep 509c. - For example, when the first restricted service policy is used to stop an uplink data flow and restrict a downlink data flow of the terminal, the method may include the following
step 508a,step 508c, andstep 509c, or the method may include the followingstep 508b,step 509b,step 508c, andstep 509c. - The following describes the
step 508a and thestep 509a. -
Step 508a: The SMF sends a second restricted service policy to the terminal. - For specific descriptions of the
step 508a, refer to related descriptions of thestep 405a in the embodiment shown inFIG. 4 . Details are not described herein again. -
Step 509a: The terminal stops transmission of an uplink data flow according to the second restricted service policy. - For specific descriptions of the
step 509a, refer to related descriptions of thestep 406a in the embodiment shown inFIG. 4 . Details are not described herein again. - Further, after receiving the second restricted service policy from the SMF, the terminal may further send an acknowledgment message to the SMF. The acknowledgment message is used to acknowledge reception of the second restricted service policy sent by the SMF. For example, the terminal sends an SM NAS ack message to the SMF by using a RAN and the AMF.
- The following describes the
step 508b and thestep 509b. -
Step 508b: The SMF sends the identifier of the terminal and a third restricted service policy to an access network device. - For specific descriptions of the
step 508b, refer to related descriptions of thestep 405b in the embodiment shown inFIG. 5 . Details are not described herein again. -
Step 509b: The access network device stops an uplink data flow of the terminal according to the identifier of the terminal and the third restricted service policy. - For specific descriptions of the
step 509b, refer to related descriptions of thestep 406b in the embodiment shown inFIG. 5 . Details are not described herein again. - Further, after receiving the identifier of the terminal and the third restricted service policy from the SMF, the access network device may further send an acknowledgment message to the SMF. The acknowledgment message may be used to acknowledge reception of the identifier of the terminal and the third restricted service policy that are sent by the SMF. For example, the access network device sends an SM NAS ack message to the SMF by using the AMF.
- The following describes the
step 508c and thestep 509c. -
Step 508c: The SMF sends the identifier of the terminal and a fourth restricted service policy to a UPF. - For specific descriptions of the
step 508c, refer to related descriptions of thestep 405c in the embodiment shown inFIG. 6 . Details are not described herein again. -
Step 509c: The UPF restricts a downlink data flow of the terminal based on the identifier of the terminal and the fourth restricted service policy. - For specific descriptions of the
step 509c, refer to related descriptions of thestep 406c in the embodiment shown inFIG. 6 . Details are not described herein again. - According to the method provided in the embodiment shown in
FIG. 7 to FIG. 9 , when determining that the terminal is in a state of exception, the first network element sends, to the PCF that provides the service for the terminal, the identifier of the terminal and the indication information used to indicate that the terminal is in the state of exception or indicate an exception type of the terminal, so that the PCF sends the identifier of the terminal and the indication information to the AMF. The AMF sends the identifier of the terminal and the indication information to the SMF of the terminal. The SMF sends the identifier of the terminal and the indication information to the PCF corresponding to the SMF. The PCF determines, according to the received indication information, the first restricted service policy used to provide the restricted service for the terminal, and sends the identifier of the terminal and the first restricted service policy to the SMF. Then, the SMF sends, according to the first restricted service policy, the restricted service policy corresponding to the communications device to the communications device, so that the communications device provides the restricted service for the terminal, instead of directly deregistering the terminal when the terminal is abnormal. This effectively reduces security risks and improves management efficiency of the terminal. - The method provided in the embodiment shown in
FIG. 4 to FIG. 9 is described by using an example in which the SMF delivers the restricted service policy to the communications device, so that the communications device provides the restricted service for the terminal. When the restricted service includes stopping an uplink data flow, in an alternative solution, the AMF may deliver the restricted service policy to the communications device, so that the communications device provides the restricted service for the terminal. With reference toFIG. 10 andFIG. 11 , the following describes, by using an example in which a first network element is an NWDAF, the method provided in the embodiment shown inFIG. 3 . The method may include the following steps. - Step 601: The NWDAF determines that a terminal is in a state of exception.
- For a specific implementation of determining, by the NWDAF, that the terminal is in the state of exception, refer to related descriptions of the
step 301 in the embodiment shown inFIG. 3 . Details are not described herein again. - Step 602: The NWDAF sends an identifier of the terminal and indication information to a PCF.
- For specific descriptions of the
step 602, refer to related descriptions of thestep 402 in the embodiment shown inFIG. 4 to FIG. 6 . Details are not described herein again. - Step 603: The PCF determines a first restricted service policy according to the indication information.
- For a specific implementation of determining, by the PCF, the first restricted service policy according to the indication information, refer to related descriptions of the
step 304 in the embodiment shown inFIG. 3 . Details are not described herein again. In this embodiment of this application, the first restricted service policy may be used to stop an uplink data flow of the terminal. - Step 604: The PCF sends the identifier of the terminal and the first restricted service policy to an AMF.
- In a possible implementation, in the
step 604, the PCF may invoke an Npcf_AMPolicyControl_UpdateNotify service to send the identifier of the terminal and the first restricted service policy to the AMF. Further, after receiving the identifier of the terminal and the first restricted service policy from the PCF, the AMF may send a service response message to the PCF. The service response message is used to acknowledge reception of the identifier of the terminal and the first restricted service policy that are sent by the PCF. - Optionally, the method further includes: after receiving the identifier of the terminal and the first restricted service policy, the AMF may send, according to the received first restricted service policy, the restricted service policy corresponding to a communications device to the communications device, so that the communications device provides a restricted service for the terminal according to the received restricted service policy.
- For example, as shown in
FIG. 10 , the method may include the followingstep 605a andstep 606a. Alternatively, as shown inFIG. 11 , the method may include the followingstep 605b andstep 606b. - The following describes the
step 605a and thestep 606a. -
Step 605a: The AMF sends a second restricted service policy to the terminal. - The second restricted service policy is used to stop an uplink data flow of the terminal. In a possible implementation, the second restricted service policy may include the indication information. The indication information is used to instruct to update or modify a threshold value in a UE route selection policy (UE route selection policy, URSP) of the terminal to a first value. The first value is used to stop an uplink data flow.
- In a possible implementation, the second restricted service policy in the
step 605a may be sent by the AMF to the terminal by using an access network device (for example, an AN/RAN). A message about the second restricted service policy sent by the AMF may be an access and mobility non-access stratum message (AM NAS message). If the AMF sends the second restricted service policy to the terminal by using the access network device, the AM NAS message may further carry the identifier of the terminal. The identifier is used by the access network device to address the terminal. -
Step 606a: The terminal stops transmission of an uplink data flow according to the second restricted service policy. - The terminal may enter a restricted service state according to the second restricted service policy, in other words, stop transmission of the uplink data flow. In a possible implementation, the terminal may update or modify the threshold value in the URSP of the terminal to the first value according to the received indication information, to stop transmission of the uplink data flow.
- Further, after receiving the second restricted service policy from the AMF, the terminal may further send an acknowledgment message to the AMF. The acknowledgment message is used to acknowledge reception of the second restricted service policy sent by the AMF. For example, the terminal sends an AM NAS ack message to the AMF by using the RAN.
- The following describes the
step 605b and thestep 606b. -
Step 605b: The AMF sends the identifier of the terminal and a third restricted service policy to an access network device. - The third restricted service policy is used to stop an uplink data flow of the terminal. In a possible implementation, the third restricted service policy may include a QoS configuration file. The QoS configuration file is used to stop an uplink data flow. For example, the QoS configuration file includes the indication information. The indication information is used to instruct the access network device to stop scheduling of an uplink DRB resource for the terminal.
- In a possible implementation, in the
step 605b, the AMF may add the identifier of the terminal and the third restricted service policy to a UE context modification request (UE context modification request) message and send the message to the access network device. -
Step 606b: The access network device stops an uplink data flow of the terminal according to the identifier of the terminal and the third restricted service policy. - For specific descriptions of the
step 606b, refer to related descriptions of thestep 406b in the embodiment shown inFIG. 5 . Details are not described herein again. - Further, after receiving the identifier of the terminal and the third restricted service policy from the AMF, the access network device may further send an acknowledgment message to the AMF. The acknowledgment message may be used to acknowledge reception of the identifier of the terminal and the third restricted service policy that are sent by the AMF. For example, the acknowledgment message may be a UE context modification response (UE context modification response) message.
- In an alternative solution, when the first network element is an AF, the
step 601 may alternatively be as follows: The AF determines that the terminal is in the state of exception. Step 602 may alternatively be as follows: The AF sends the identifier of the terminal and the indication information to a UDM. The AF may send the identifier of the terminal and the indication information to the UDM by using an NEF. Step 603 may alternatively be as follows: The UDM determines the first restricted service policy according to the indication information. Step 604 may alternatively be as follows: The UDM sends the identifier of the terminal and the first restricted service policy to an AMF. For other descriptions, refer to related descriptions of the embodiment shown inFIG. 10 andFIG. 11 . Details are not described herein again. - According to the method provided in the embodiment shown in
FIG. 10 andFIG. 11 , when determining that the terminal is in a state of exception, the NWDAF sends, the identifier of the terminal and the indication information used to indicate that the terminal is in the state of exception or indicate the exception type of the terminal to the PCF, so that the PCF determines, according to the received indication information, the first restricted service policy used to provide the restricted service for the terminal, and sends the identifier of the terminal and the first restricted service policy to the AMF, the AMF sends, according to the first restricted service policy, the restricted service policy corresponding to the communications device to the communications device, and the communications device provides the restricted service for the terminal, instead of directly deregistering the terminal when the terminal is abnormal. This effectively reduces security risks and improves management efficiency of the terminal. - The method provided in the embodiment shown in
FIG. 3 to FIG. 11 is mainly described by using an example in which the PCF determines and delivers the restricted service policy of the terminal, so that the communications device provides the restricted service for the terminal. In an alternative solution, the AF may alternatively determine and deliver the restricted service policy of the terminal, so that the communications device provides the restricted service for the terminal. With reference to the 5G mobile communications system shown inFIG. 1 , the following embodiment describes a method for determining and delivering a restricted service policy of a terminal by an AF to provide a restricted service for the terminal. -
FIG. 12 is a schematic flowchart of a method for providing a restricted service according to another embodiment of this application. The method may include the following steps. - Step 701: The AF determines that the terminal is in a state of exception and a first restricted service policy.
- The first restricted service policy may be a restricted service policy corresponding to an exception of the terminal. The first restricted service policy is used to provide a restricted service for the terminal. The restricted service may include any one of the following: stopping an uplink data flow; restricting a downlink data flow; and stopping an uplink data flow and restricting a downlink data flow. The first restricted service policy may be stopping an uplink data flow of the terminal, or may be restricting a downlink data flow of the terminal, or may be stopping an uplink data flow and restricting a downlink data flow of the terminal.
- In the
step 701, that the AF determines that the terminal is in the state of exception may alternatively be as follows: The AF determines, based on traffic information of the terminal, that the terminal is in the state of exception. "The terminal is in the state of exception" may also be referred to as "terminal traffic is abnormal." - Alternatively, that the AF determines that the terminal is in a state of exception in the
step 701 may alternatively be as follows: The AF determines an exception type of the terminal, or the AF determines an exception type of the terminal based on traffic information of the terminal. The exception type may include any one of the following: abnormal uplink traffic; abnormal downlink traffic; and abnormal uplink traffic and abnormal downlink traffic. The exception type of the terminal may be a traffic exception type of the terminal. In this case, the first restricted service policy may also be referred to as a restricted service policy corresponding to the exception type of the terminal. - It should be noted that, for a specific implementation of determining, by the AF based on the traffic information of the terminal, that the terminal is in the state of exception, refer to related descriptions of determining, by the first network element based on the traffic information of the terminal, that the terminal is in the state of exception in the
step 301 included in the method provided in the embodiment shown inFIG. 3 . For a specific implementation of determining the exception type of the terminal by the AF, refer to related descriptions of determining the exception type of the terminal by the first network element in thestep 301 included in the method provided in the embodiment shown inFIG. 3 . Details are not described herein again. - For example, if the alternative step (in which the AF determines, based on traffic information of the terminal, that the terminal is in the state of exception) but not the step 701 (in which the AF determines that the terminal is in the state of exception) is performed, in this embodiment of this application, that the AF determines the first restricted service policy in the
step 701 may alternatively be as follows: The AF may store the restricted service policy corresponding to the exception of the terminal, namely, the first restricted service policy. The first restricted service policy may be stopping an uplink data flow of the terminal, or may be restricting a downlink data flow of the terminal, or may be stopping an uplink data flow and restricting a downlink data flow of the terminal. The first restricted service policy stored on the AF may be predefined, or may be preconfigured on the AF, or may be delivered by another communications device to the AF. This is not specifically limited in this embodiment of this application. Alternatively, the AF may store a correspondence between an exception and a restricted service policy, and the AF determines, based on the correspondence between an exception and a restricted service policy, the restricted service policy corresponding to the exception of the terminal as the first restricted service policy. - For example, if the alternative step (the AF determines an exception type of the terminal) or (in which the AF determines an exception type of the terminal based on traffic information of the terminal) but not the step 701 (in which the AF determines that the terminal is in the state of exception) is performed, the AF may store a mapping relationship between an exception type and a restricted service policy, as shown in Table 2. In this embodiment of this application, that the AF determines a first restricted service policy in the
step 701 may alternatively be as follows: The AF determines, based on the mapping relationship shown in Table 2, the restricted service policy corresponding to the exception type as the first restricted service policy.Table 2 Abnormality type Restricted service policy Abnormal uplink traffic Stopping an uplink data flow of the terminal Abnormal downlink traffic Restricting a downlink data flow of the terminal Abnormal uplink traffic and abnormal downlink traffic Stopping an uplink data flow and restricting a downlink data flow of the terminal - With reference to Table 2, when the exception type is abnormal uplink traffic, the first restricted service policy is stopping an uplink data flow of the terminal. When the exception type is abnormal downlink traffic, the first restricted service policy is restricting a downlink data flow of the terminal. When the exception type is abnormal uplink traffic and abnormal downlink traffic, the first restricted service policy is stopping an uplink data flow and restricting a downlink data flow of the terminal.
- Step 702: The AF sends an identifier of the terminal and the first restricted service policy to a UDM.
- Step 703: The UDM receives the identifier of the terminal and the first restricted service policy from the AF.
- Step 704: The UDM sends the identifier of the terminal and the first restricted service policy to an SMF.
- In a possible implementation, in the
step 704, the UDM may directly send the identifier of the terminal and the first restricted service policy to the SMF. For details, refer to any embodiment shown inFIG. 13 to FIG. 15 . This is not limited herein. - In another possible implementation, in the
step 704, the UDM may alternatively send the identifier of the terminal and the first restricted service policy to the SMF by using an AMF. For details, refer to any embodiment shown inFIG. 16 to FIG. 18 . This is not limited herein. - Step 705: The SMF receives the identifier of the terminal and the first restricted service policy from the UDM.
- Step 706: The SMF sends, according to the received first restricted service policy, a restricted service policy corresponding to a communications device to the communications device.
- For the
step 706, refer to the related descriptions of the embodiment shown inFIG. 3 . In thestep 706, the SMF sends the restricted service policy corresponding to the communications device to the communications device, so that the communications device provides the restricted service for the terminal according to the received restricted service policy. - The communications device may be a terminal, an access network device, or a UPF. Alternatively, the communications device may be a terminal and a UPF, or may be an access network device and a UPF. This is not limited herein. For example, when the first restricted service policy is used to stop an uplink data flow of the terminal, in the
step 706, the SMF may send a second restricted service policy to the terminal according to the first restricted service policy, so that the terminal performs a related operation according to the second restricted service policy, for example, stops the uplink data flow of the terminal. For details, refer to the embodiment shown inFIG. 13 orFIG. 16 . This is not limited herein. Alternatively, when the first restricted service policy is used to stop an uplink data flow of the terminal, in thestep 706, the SMF may send the identifier of the terminal and a third restricted service policy to an access network device according to the first restricted service policy, so that the access network device provides the restricted service for the terminal based on the identifier of the terminal and the third restricted service policy, for example, stops the uplink data flow of the terminal. For details, refer to the embodiment shown inFIG. 14 orFIG. 17 . This is not limited herein. - For example, when the first restricted service policy is used to restrict a downlink data flow of the terminal, in the
step 706, the SMF may send the identifier of the terminal and a fourth restricted service policy to the UPF according to the first restricted service policy, so that the UPF provides the restricted service for the terminal based on the identifier of the terminal and the fourth restricted service policy, for example, restricts the downlink data flow of the terminal. For details, refer to the embodiment shown inFIG. 15 orFIG. 18 . This is not limited herein. - For example, when the first restricted service policy is used to stop an uplink data flow and restrict a downlink data flow of the terminal, in the
step 706, the SMF may send the second restricted service policy to the terminal according to the first restricted service policy, so that the terminal performs a related operation according to the second restricted service policy, for example, stops then uplink data flow of the terminal, and sends the identifier of the terminal and the fourth restricted service policy to the UPF, so that the UPF provides the restricted service for the terminal based on the identifier of the terminal and the fourth restricted service policy, for example, restricts the downlink data flow of the terminal. Alternatively, when the first restricted service policy is used to stop an uplink data flow and restrict a downlink data flow of the terminal, in thestep 706, the SMF may send the identifier of the terminal and the third restricted service policy to the access network device according to the first restricted service policy, so that the access network device provides the restricted service for the terminal based on the identifier of the terminal and the third restricted service policy, for example, stops the uplink data flow of the terminal, and sends the identifier of the terminal and the fourth restricted service policy to the UPF, so that the UPF provides the restricted service for the terminal based on the identifier of the terminal and the fourth restricted service policy, for example, restricts the downlink data flow of the terminal. - The second restricted service policy is used to stop an uplink data flow of the terminal. The third restricted service policy is used to stop an uplink data flow of the terminal. The fourth restricted service policy is used to restrict a downlink data flow of the terminal.
- According to the method for providing a restricted service provided in this embodiment of this application, when determining that the terminal is in a state of exception, the AF determines the first restricted service policy used to provide the restricted service for the terminal, and sends the identifier of the terminal and the first restricted service policy to the UDM, so that the UDM sends the identifier of the terminal and the first restricted service policy to the SMF, to provide the restricted service for the terminal, instead of directly deregistering the terminal when the terminal is abnormal. This effectively reduces security risks and improves management efficiency of the terminal.
- The following describes the method shown in
FIG. 12 with reference to the 5G mobile communications system shown inFIG. 1 . -
FIG. 13 to FIG. 15 are schematic flowcharts of a method for providing a restricted service according to another embodiment of this application. The method may include the following steps. - Step 801: An AF determines that a terminal is in a state of exception and a first restricted service policy.
- For a specific implementation of determining, by the AF, that a terminal is in the state of exception and a first restricted service policy, refer to related descriptions of the
step 701 in the embodiment shown inFIG. 12 . Details are not described herein again. - Step 802: The AF sends an identifier of the terminal and the first restricted service policy to a UDM.
- In a possible implementation, in the
step 802, the AF may send the identifier of the terminal and the first restricted service policy to the UDM by using an NEF. For example, the AF sends an AF traffic steering request (AF traffic steering request) message to the NEF. The AF traffic steering request message includes the identifier of the terminal and the first restricted service policy. The NEF sends an update request (updated request) to the UDM. The updated request includes the identifier of the terminal and the first restricted service policy. Further, after receiving the AF traffic steering request message from the AF, the NEF may return an AF traffic steering response (AF traffic steering response message) to the AF. Further, after receiving the updated request from the NEF, the UDM may send an updated response (updated response) message to the NEF. - Step 803: The UDM sends the identifier of the terminal and the first restricted service policy to an SMF.
- In a possible implementation, in the
step 803, the UDM may invoke an Nudm_SDM_Notification service to send the identifier of the terminal and the first restricted service policy to the SMF. Further, after receiving the identifier of the terminal and the first restricted service policy from the UDM, the SMF may send a service response message to the UDM. The service response message is used to acknowledge reception of the identifier of the terminal and the first restricted service policy that are sent by the UDM. - Optionally, the method further includes: after receiving the identifier of the terminal and the first restricted service policy, the SMF may deliver, according to the first restricted service policy, the restricted service policy corresponding to a communications device to the communications device, so that the communications device provides a restricted service for the terminal according to the received restricted service policy.
- For example, as shown in
FIG. 13 , when the first restricted service policy is used to stop an uplink data flow of the terminal, the method may include the followingstep 804a andstep 805a. Alternatively, as shown inFIG. 14 , when the first restricted service policy is used to stop an uplink data flow of the terminal, the method may include the followingstep 804b andstep 805b. - For example, as shown in
FIG. 15 , when the first restricted service policy is used to restrict a downlink data flow of the terminal, the method may include the followingstep 804c andstep 805c. - For example, when the first restricted service policy is used to stop an uplink data flow and restrict a downlink data flow of the terminal, the method may include the following
step 804a,step 804c, andstep 805c, or the method may include the followingstep 804b,step 805b,step 804c, andstep 805c. - Further, after receiving the identifier of the terminal and the first restricted service policy, the SMF may alternatively send the identifier of the terminal and the first restricted service policy to a PCF corresponding to the SMF, so that the PCF determines whether to modify the first restricted service policy. If the PCF does not need to modify the first restricted service policy, the PCF may send the identifier of the terminal and the first restricted service policy to the SMF. If the PCF needs to modify the first restricted service policy, the PCF may send a modified restricted service policy to the SMF, so that the SMF delivers, according to the modified restricted service policy, the restricted service policy corresponding to the communications device to the communications device, to provide the restricted service for the terminal. For descriptions of delivering, by the SMF according to the modified restricted service policy, the restricted service policy corresponding to the communications device to the communications device, refer to related descriptions of delivering, according to the first restricted service policy, the restricted service policy corresponding to the communications device to the communications device. Details are not described herein again.
- The following describes the
step 804a and thestep 805a. -
Step 804a: The SMF sends a second restricted service policy to the terminal. - For specific descriptions of the
step 804a, refer to related descriptions of thestep 405a in the method provided in the embodiment shown inFIG. 4 . Details are not described herein again. -
Step 805a: The terminal stops transmission of an uplink data flow according to the second restricted service policy. - For specific descriptions of the
step 805a, refer to related descriptions of thestep 406a in the method provided in the embodiment shown inFIG. 4 . Details are not described herein again. - Further, after receiving the second restricted service policy from the SMF, the terminal may further send an acknowledgment message to the SMF. The acknowledgment message is used to acknowledge reception of the second restricted service policy sent by the SMF. For example, the terminal sends an SM NAS ack message to the SMF by using a RAN and an AMF.
- The following describes the
step 804b and thestep 805b. -
Step 804b: The SMF sends the identifier of the terminal and the third restricted service policy to an access network device. - For specific descriptions of the
step 804b, refer to related descriptions of thestep 405b in the method provided in the embodiment shown inFIG. 5 . Details are not described herein again. -
Step 805b: The access network device stops an uplink data flow of the terminal based on the identifier of the terminal and the third restricted service policy. - For specific descriptions of
step 805b, refer to related descriptions of thestep 406b in the method provided in the embodiment shown inFIG. 5 . Details are not described herein again. - Further, after receiving the identifier of the terminal and the third restricted service policy from the SMF, the access network device may further send an acknowledgment message to the SMF. The acknowledgment message may be used to acknowledge reception of the identifier of the terminal and the third restricted service policy that are sent by the SMF. For example, the access network device sends an SM NAS ack message to the SMF by using the AMF.
- The following describes the
step 804c and thestep 805c. -
Step 804c: The SMF sends the identifier of the terminal and a fourth restricted service policy to a UPF. - For specific descriptions of the
step 804c, refer to related descriptions of thestep 405c in the method provided in the embodiment shown inFIG. 6 . Details are not described herein again. -
Step 805c: The UPF restricts a downlink data flow of the terminal based on the identifier of the terminal and the fourth restricted service policy. - For specific descriptions of the
step 805c, refer to related descriptions of thestep 406c in the method provided in the embodiment shown inFIG. 6 . Details are not described herein again. - According to the method provided in the embodiment shown in
FIG. 13 to FIG. 15 , when determining that the terminal is in a state of exception, the AF determines the first restricted service policy that corresponds to an exception of the terminal and that is used to provide the restricted service for the terminal, and sends the identifier of the terminal and the first restricted service policy to the UDM, so that the UDM sends the identifier of the terminal and the first restricted service policy to the SMF, the SMF sends, according to the first restricted service policy, the restricted service policy corresponding to the communications device to the communications device, and the communications device provides the restricted service for the terminal instead, instead of directly deregistering the terminal when the terminal is abnormal. This effectively reduces security risks and improves management efficiency of the terminal. -
FIG. 16 to FIG. 18 are schematic flowcharts of a method for providing a restricted service according to another embodiment of this application. The method may include the following steps. - Step 901: An AF determines that a terminal is in a state of exception and a first restricted service policy.
- For a specific implementation of determining, by the AF, that the terminal is in the state of exception and the first restricted service policy, refer to related descriptions of the
step 701 in the embodiment shown inFIG. 12 . Details are not described herein again. - Step 902: The AF sends an identifier of the terminal and the first restricted service policy to a UDM.
- For specific descriptions of the
step 902, refer to related descriptions of thestep 802 in the method provided in the embodiment shown inFIG. 13 to FIG. 15 . Details are not described herein again. - Step 903: The UDM sends the identifier of the terminal and the first restricted service policy to an AMF.
- In a possible implementation, in the
step 903, the UDM may invoke an Nudm_SubscriberData_UpdateNotification service to send the identifier of the terminal and the first restricted service policy to the AMF. Further, after receiving the identifier of the terminal and the first restricted service policy from the UDM, the AMF may send a service response message to the UDM. The service response message is used to acknowledge reception of the identifier of the terminal and the first restricted service policy that are sent by the UDM. - Step 904: The AMF sends the identifier of the terminal and the first restricted service policy to an SMF of the terminal.
- The SMF of the terminal is an SMF that provides a service for the terminal, and may be one or more SMFs. This is not limited herein.
- In a possible implementation, in the
step 904, the AMF may invoke an Namf_EventExposure_Notify service to send the identifier of the terminal and the first restricted service policy to the SMF of the terminal. Further, after receiving the identifier of the terminal and the first restricted service policy, the SMF of the terminal may send a service response message to the AMF. The service response message is used to acknowledge reception of the identifier of the terminal and the first restricted service policy that are sent by the AMF. - To simplify the accompanying drawings,
FIG. 16 to FIG. 18 show that the AMF sends the identifier of the terminal and the first restricted service policy to only one SMF of the terminal. In addition, for ease of description, the following steps are also described by using a procedure as an example in which one SMF of the terminal receives the identifier of the terminal and the first restricted service policy that are sent by the AMF. A procedure in which another SMF of the terminal receives the identifier of the terminal and the first restricted service policy that are sent by the AMF is the same as the following procedure. Details are not described herein again. - Optionally, the method further includes: after receiving the identifier of the terminal and the first restricted service policy, the SMF may deliver, according to the first restricted service policy, a restricted service policy corresponding to a communications device to the communications device, so that the communications device provides a restricted service for the terminal according to the received restricted service policy.
- For example, as shown in
FIG. 16 , when the first restricted service policy is used to stop an uplink data flow of the terminal, the method may include the followingstep 905a andstep 906a. Alternatively, as shown inFIG. 17 , when the first restricted service policy is used to stop an uplink data flow of the terminal, the method may include the followingstep 905b andstep 906b. - For example, as shown in
FIG. 18 , when the first restricted service policy is used to restrict a downlink data flow of the terminal, the method may include the followingstep 905c andstep 906c. - For example, when the first restricted service policy is used to stop an uplink data flow and restrict a downlink data flow of the terminal, the method may include the following
step 905a,step 905c, andstep 906c, or the method may include the followingstep 905b,step 906b,step 905c, andstep 906c. - Further, after receiving the identifier of the terminal and the first restricted service policy, the SMF may alternatively send the identifier of the terminal and the first restricted service policy to a PCF corresponding to the SMF, so that the PCF determines whether to modify the first restricted service policy. If the PCF does not need to modify the first restricted service policy, the PCF may send the identifier of the terminal and the first restricted service policy to the SMF. If the PCF needs to modify the first restricted service policy, the PCF may send a modified restricted service policy to the SMF, so that the SMF delivers, according to the modified restricted service policy, the restricted service policy corresponding to the communications device to the communications device, to provide the restricted service for the terminal. For descriptions of delivering, by the SMF according to the modified restricted service policy, restricted service policies corresponding to different communications devices to the communications devices, refer to related descriptions of delivering, according to the first restricted service policy, the restricted service policy corresponding to the communications device to the communications device. Details are not described herein again.
- The following describes the
step 905a and thestep 906a. -
Step 905a: The SMF sends a second restricted service policy to the terminal. - For specific descriptions of the
step 905a, refer to related descriptions of thestep 405a in the method provided in the embodiment shown inFIG. 4 . Details are not described herein again. -
Step 906a: The terminal stops transmission of an uplink data flow according to the second restricted service policy. - For specific descriptions of the
step 906a, refer to related descriptions of thestep 406a in the method provided in the embodiment shown inFIG. 4 . Details are not described herein again. - Further, after receiving the second restricted service policy from the SMF, the terminal may further send an acknowledgment message to the SMF. The acknowledgment message is used to acknowledge reception of the second restricted service policy sent by the SMF. For example, the terminal sends an SM NAS ack message to the SMF by using a RAN and an AMF.
- The following describes the
step 905b and thestep 906b. -
Step 905b: The SMF sends the identifier of the terminal and a third restricted service policy to an access network device. - For specific descriptions of the
step 905b, refer to related descriptions of thestep 405b in the method provided in the embodiment shown inFIG. 5 . Details are not described herein again. -
Step 906b: The access network device stops an uplink data flow of the terminal based on the identifier of the terminal and the third restricted service policy. - For specific descriptions of the
step 906b, refer to related descriptions of thestep 406b in the method provided in the embodiment shown inFIG. 5 . Details are not described herein again. - Further, after receiving the identifier of the terminal and the third restricted service policy from the SMF, the access network device may further send an acknowledgment message to the SMF. The acknowledgment message may be used to acknowledge reception of the identifier of the terminal and the third restricted service policy that are sent by the SMF. For example, the access network device sends an SM NAS ack message to the SMF by using the AMF.
- The following describes the
step 905c and thestep 906c. -
Step 905c: The SMF sends the identifier of the terminal and a fourth restricted service policy to a UPF. - For specific descriptions of the
step 905c, refer to related descriptions of thestep 405c in the method provided in the embodiment shown inFIG. 6 . Details are not described herein again. -
Step 906c: The UPF restricts a downlink data flow of the terminal based on the identifier of the terminal and the fourth restricted service policy. - For specific descriptions of the
step 906c, refer to related descriptions of thestep 406c in the method provided in the embodiment shown inFIG. 6 . Details are not described herein again. - According to the method provided in the embodiment shown in
FIG. 16 to FIG. 18 , when determining that the terminal is in a state of exception, the AF determines the first restricted service policy that corresponds to an exception of the terminal and that is used to provide the restricted service for the terminal, and sends the identifier of the terminal and the first restricted service policy to the UDM, so that the UDM sends the identifier of the terminal and the first restricted service policy to the AMF, the AMF sends the identifier of the terminal and the first restricted service policy to the SMF of the terminal, the SMF sends, according to the first restricted service policy, the restricted service policy corresponding to the communications device to the communications device, and the communications device provides the restricted service for the terminal, instead of directly deregistering the terminal when the terminal is abnormal. This effectively reduces security risks and improves management efficiency of the terminal. - The methods provided in the embodiments of this application are mainly described above from a perspective of interaction between nodes. For same or similar steps or terms mentioned in the embodiments, reference may be made to each other. It may be understood that, to implement the foregoing functions, the nodes such as the NWDAF, the PCF, the AMF, the SMF, the UDM, and other communications device include corresponding hardware structures and/or software modules for implementing the functions. A person of ordinary skill in the art should easily be aware that, in combination with the examples described in the embodiments disclosed in this specification, algorithms steps may be implemented by hardware or a combination of hardware and computer software. Whether a function is performed by hardware or hardware driven by computer software depends on particular applications and design constraints of the technical solutions. A person skilled in the art may use different methods to implement the described functions for each particular application, but it should not be considered that the implementation goes beyond the scope of this application.
- In the embodiments of this application, the NWDAF, the PCF, the AMF, the SMF, the UDM, and other communications device may be divided into functional modules according to the foregoing method examples. For example, functional modules may be obtained through division corresponding to the functions. Alternatively, two or more functions may be integrated into one processing module. The integrated module may be implemented in a form of hardware, or may be implemented in a form of a software functional module. It should be noted that, in this embodiment of this application, module division is an example, and is merely a logical function division. In an actual implementation, another division manner may be used.
- An embodiment of this application provides a communications device. The communications device may be a PCF, a chip in the PCF, or a system-on-a-chip. The communications device may be configured to perform a function of the PCF in the foregoing embodiments.
- In an implementation, as shown in
FIG. 19 , the communications device may include areceiving unit 1001 and a sendingunit 1002. - The receiving
unit 1001 is configured to receive an identifier of a terminal and indication information, where the indication information is used to indicate that the terminal is in a state of exception or indicate an exception type of the terminal. For example, the receivingunit 1001 supports the communications device to perform thestep 303. - The sending
unit 1002 is configured to send the identifier of the terminal and a first restricted service policy according to the indication information received by the receivingunit 1001, where the first restricted service policy is used to provide a restricted service for the terminal. For example, the sendingunit 1002 supports the communications device to perform thestep 304, thestep 404, thestep 507, and thestep 604. - Further, the sending
unit 1002 shown inFIG. 19 may be further configured to support the communications device to perform thestep 503. - Further, the communications device shown in
FIG. 19 may further include: a determiningunit 1003, configured to determine the first restricted service policy according to the indication information. For example, the determiningunit 1003 supports the communications device to perform thestep 403, thestep 506, and thestep 603. - It should be noted that, for all related content of the steps in the foregoing method embodiments, refer to function descriptions of the corresponding functional modules. Details are not described herein again. The communications device provided in this embodiment of this application is configured to perform the method for providing a restricted service, and therefore can achieve a same effect as the method for providing a restricted service.
- In another implementation, the communications device may include a processing module and a communications module. The processing module is configured to control and manage an action of the communications device. For example, the processing module is configured to support the communications device to perform the
step 403, thestep 506, thestep 603, and other processes of a technology described in the embodiments. The communications module is configured to support the communications device to communicate with another network entity, for example, communicate with a functional module or a network entity shown inFIG. 1 . For example, the communications module is configured to support the communications device to perform thestep 303, thestep 304, thestep 404, thestep 503, thestep 507, thestep 604, and other processes of the technology described in the embodiments. Further, the communications device may further include a storage module, configured to store program code and data of the communications device. - The processing module may be a processor a controller. The processor may implement or execute various example logical blocks, modules, and circuits described with reference to content disclosed in this application. Alternatively, the processor may be a combination of processors implementing a computing function, for example, a combination of one or more microprocessors, or a combination of the DSP and a microprocessor, and or the like. The communications module may be a transceiver circuit, a communications interface, or the like. The storage module may be a memory. When the processing module is a processor, the communications module is a communications interface, and the storage module is a memory, the communications device may be the communications device shown in
FIG. 2 . - An embodiment of this application provides another communications device. The communications device may be an SMF, a chip in the SMF, or a system-on-a-chip. The communications device may be configured to perform a function of the SMF in the foregoing embodiments.
- In an implementation, as shown in
FIG. 20 , the communications device may include areceiving unit 1101 and a sendingunit 1102. - The receiving
unit 1101 is configured to receive an identifier of a terminal and a first restricted service policy. For example, the receivingunit 1101 supports the communications device to perform thestep 305 and thestep 705. - The sending
unit 1102 is configured to send, to the communications device according to the first restricted service policy received by the receivingunit 1101, the restricted service policy corresponding to the communications device. For example, the sendingunit 1102 supports the communications device to perform thestep 306, thestep 405a, thestep 405b, thestep 405c, thestep 508a, thestep 508b, thestep 508c, thestep 706, thestep 804a, thestep 804b, thestep 804c, thestep 905a, thestep 905b, and thestep 905c. - It should be noted that, for all related content of the steps in the foregoing method embodiments, refer to function descriptions of the corresponding functional modules. Details are not described herein again. The communications device provided in this embodiment of this application is configured to perform the method for providing a restricted service, and therefore can achieve a same effect as the method for providing a restricted service.
- In another implementation, the communications device may include a processing module and a communications module. The processing module is configured to control and manage an action of the communications device. For example, the processing module is configured to support the communications device to perform other processes of a technology described in the embodiments. The communications module is configured to support the communications device in communicating with another network entity, for example, communicating with a function module or a network entity shown in
FIG. 1 . For example, the communications module is configured to support the communications device to perform thestep 305, thestep 306, thestep 405a, thestep 405b, thestep 405c, thestep 508a, thestep 508b, thestep 508c, thestep 705, thestep 706, thestep 804a, thestep 804b, thestep 804c, thestep 905a, thestep 905b, thestep 905c, and other processes of the technology described in the embodiments. The communications device may further include a storage module, configured to store program code and data of the communications device. - The processing module may be a processor a controller. The processor may implement or execute various example logical blocks, modules, and circuits described with reference to content disclosed in this application. Alternatively, the processor may be a combination of processors implementing a computing function, for example, a combination of one or more microprocessors, or a combination of the DSP and a microprocessor, and or the like. The communications module may be a transceiver circuit, a communications interface, or the like. The storage module may be a memory. When the processing module is a processor, the communications module is a communications interface, and the storage module is a memory, the communications device may be the communications device shown in
FIG. 2 . - An embodiment of this application provides still another communications device. The communications device may be an AMF, a chip in the AMF, or a system-on-a-chip. The communications system may be configured to perform a function of the AMF in the foregoing embodiments.
- In an implementation, as shown in
FIG. 21 , the communications device may include areceiving unit 1201 and a sendingunit 1202. - The receiving
unit 1201 is configured to receive an identifier of a terminal and a first restricted service policy, where the first restricted service policy is used to provide a restricted service for the terminal. - The sending
unit 1202 is configured to send, to a communications device according to the first restricted service policy received by the receivingunit 1201, the restricted service policy corresponding to the communications device, to provide the restricted service for the terminal. For example, the sendingunit 1202 supports the communications device to perform thestep 605a and thestep 605b. - Further, the sending
unit 1202 may be further configured to support the communications device to perform thestep 504 and thestep 904. - It should be noted that, for all related content of the steps in the foregoing method embodiments, refer to function descriptions of the corresponding functional modules. Details are not described herein again. The communications device provided in this embodiment of this application is configured to perform the method for providing a restricted service, and therefore can achieve a same effect as the method for providing a restricted service.
- In another implementation, the communications device may include a processing module and a communications module. The processing module is configured to control and manage an action of the communications device. The communications module is configured to support the communications device to communicate with another network entity, for example, communicate with a functional module or a network entity shown in
FIG. 1 . For example, the communications module is configured to support the communications device to perform thestep 504, thestep 605a, thestep 605b, thestep 904, and other processes of the technology described in the embodiments. The communications device may further include a storage module, configured to store program code and data of the communications device. - The processing module may be a processor a controller. The processor may implement or execute various example logical blocks, modules, and circuits described with reference to content disclosed in this application. Alternatively, the processor may be a combination of processors implementing a computing function, for example, a combination of one or more microprocessors, or a combination of the DSP and a microprocessor, and or the like. The communications module may be a transceiver circuit, a communications interface, or the like. The storage module may be a memory. When the processing module is a processor, the communications module is a communications interface, and the storage module is a memory, the communications device may be the communications device shown in
FIG. 2 . - An embodiment of this application provides still another communications device. The communications device may be a first network element, a chip in the first network element, or a system-on-a-chip. The communications system may be configured to perform a function of the first network element in the foregoing embodiments. The first network element may be an NWDAF or an AF.
- In an implementation, as shown in
FIG. 22 , the communications device may include a determiningunit 1301 and a sendingunit 1302. - The determining
unit 1301 is configured to determine that a terminal is in a state of exception. For example, the determiningunit 1301 supports the communications device to perform thestep 301, thestep 401, thestep 501, and thestep 601. - The sending
unit 1302 is configured to send an identifier of the terminal and indication information to a PCF, where the indication information is used to indicate that the terminal is in the state of exception or indicate an exception type of the terminal. For example, the sendingunit 1002 supports the communications device to perform thestep 302, thestep 402, the step 502, and thestep 602. - It should be noted that, for all related content of the steps in the foregoing method embodiments, refer to function descriptions of the corresponding functional modules. Details are not described herein again. The communications device provided in this embodiment of this application is configured to perform the method for providing a restricted service, and therefore can achieve a same effect as the method for providing a restricted service.
- In another implementation, the communications device may include a processing module and a communications module. The processing module is configured to control and manage an action of the communications device. For example, the processing module is configured to support the communications device to perform the
step 301, thestep 401, thestep 501, thestep 601, and other processes of a technology described in the embodiments. The communications module is configured to support the communications device to communicate with another network entity, for example, communicate with a functional module or a network entity shown inFIG. 1 . For example, the communications module is configured to support the communications device to perform thestep 302, thestep 402, the step 502, thestep 602, and other processes of the technology described in the embodiments. The communications device may further include a storage module, configured to store program code and data of the communications device. - The processing module may be a processor a controller. The processor may implement or execute various example logical blocks, modules, and circuits described with reference to content disclosed in this application. Alternatively, the processor may be a combination of processors implementing a computing function, for example, a combination of one or more microprocessors, or a combination of the DSP and a microprocessor, and or the like. The communications module may be a transceiver circuit, a communications interface, or the like. The storage module may be a memory. When the processing module is a processor, the communications module is a communications interface, and the storage module is a memory, the communications device may be the communications device shown in
FIG. 2 . - An embodiment of this application provides still another communications device. The communications device may be a UDM, a chip in the UDM, or a system-on-a-chip. The communications system may be configured to perform a function of the UDM in the foregoing embodiments.
- In an implementation, as shown in
FIG. 23 , the communications device may include areceiving unit 1401 and a sendingunit 1402. - The receiving
unit 1401 is configured to receive an identifier of a terminal and a first restricted service policy, where the first restricted service policy is used to provide a restricted service for the terminal. For example, the receivingunit 1401 supports the communications device to perform thestep 703. - The sending
unit 1402 is configured to send the identifier of the terminal and the first restricted service policy. For example, the determiningunit 1003 supports the communications device to perform thestep 704, thestep 803, and thestep 903. - It should be noted that, for all related content of the steps in the foregoing method embodiments, refer to function descriptions of the corresponding functional modules. Details are not described herein again. The communications device provided in this embodiment of this application is configured to perform the method for providing a restricted service, and therefore can achieve a same effect as the method for providing a restricted service.
- In another implementation, the communications device may include a processing module and a communications module. The processing module is configured to control and manage an action of the communications device. The communications module is configured to support the communications device to communicate with another network entity, for example, communicate with a functional module or a network entity shown in
FIG. 1 . For example, the communications module is configured to support the communications device to perform thestep 703, thestep 704, thestep 803, thestep 903, and other processes of the technology described in the embodiments. The communications device may further include a storage module, configured to store program code and data of the communications device. - The processing module may be a processor a controller. The processor may implement or execute various example logical blocks, modules, and circuits described with reference to content disclosed in this application. Alternatively, the processor may be a combination of processors implementing a computing function, for example, a combination of one or more microprocessors, or a combination of the DSP and a microprocessor, and or the like. The communications module may be a transceiver circuit, a communications interface, or the like. The storage module may be a memory. When the processing module is a processor, the communications module is a communications interface, and the storage module is a memory, the communications device may be the communications device shown in
FIG. 2 . - An embodiment of this application provides still another communications device. The communications device may be an AF, a chip in the AF, or a system-on-a-chip. The communications system may be configured to perform a function of the AF in the foregoing embodiments.
- In an implementation, as shown in
FIG. 24 , the communications device may include a determiningunit 1501 and a sendingunit 1502. - The determining
unit 1501 is configured to determine that a terminal is in a state of exception and a restricted service policy corresponding to an exception, where the restricted service policy corresponding to the exception is used to provide a restricted service for the terminal. For example, the determiningunit 1501 supports the communications device to perform thestep 701, thestep 801, and thestep 901. - The sending
unit 1502 is configured to send an identifier of the terminal and the restricted service policy that corresponds to the exception and that is determined by the determiningunit 1501. For example, the sendingunit 1502 supports the communications device to perform thestep 702, thestep 802, and thestep 902. - It should be noted that, for all related content of the steps in the foregoing method embodiments, refer to function descriptions of the corresponding functional modules. Details are not described herein again. The communications device provided in this embodiment of this application is configured to perform the method for providing a restricted service, and therefore can achieve a same effect as the method for providing a restricted service.
- In another implementation, the communications device may include a processing module and a communications module. The processing module is configured to control and manage an action of the communications device. For example, the processing module is configured to support the communications device to perform the
step 701, thestep 801, thestep 901, and other processes of a technology described in the embodiments. The communications module is configured to support the communications device to communicate with another network entity, for example, communicate with a functional module or a network entity shown inFIG. 1 . For example, the communications module is configured to support the communications device to perform thestep 702, thestep 802, thestep 902, and other processes of the technology described in the embodiments. The communications device may further include a storage module, configured to store program code and data of the communications device. - The processing module may be a processor a controller. The processor may implement or execute various example logical blocks, modules, and circuits described with reference to content disclosed in this application. Alternatively, the processor may be a combination of processors implementing a computing function, for example, a combination of one or more microprocessors, or a combination of the DSP and a microprocessor, and or the like. The communications module may be a transceiver circuit, a communications interface, or the like. The storage module may be a memory. When the processing module is a processor, the communications module is a communications interface, and the storage module is a memory, the communications device may be the communications device shown in
FIG. 2 . - An embodiment of this application provides a communications system. The communications system may include the communications device (the communications device may be a PCF) shown in
FIG. 19 , the communications device (the communications device may be an SMF) shown inFIG. 20 , the communications device (the communications device may be a first network element, and the first network element may be an NWDAF or an AF) shown inFIG. 22 , a terminal, an access network device, and a UPF. - The foregoing devices may collaborate with each other to implement the method for providing a restricted service provided in the embodiments of this application, for example, the method provided in any of the embodiments shown in
FIG. 3 to FIG. 6 . - Further, the communications system may further include the communications device (the communications device may be an AMF) shown in
FIG. 21 . The communications device shown inFIG. 21 and the foregoing devices collaborate with each other to implement the method for providing a restricted service provided in the embodiments of this application. For example, the method provided in any of the embodiments shown inFIG. 7 to FIG. 11 . - An embodiment of this application provides another communications system. The communications system may include the communications device (the communications device may be an SMF) shown in
FIG. 20 , the communications device (the communications device may be a UDM) shown inFIG. 23 , the communications device (the communications device may be an AF) shown inFIG. 24 , a terminal, an access network device, and a UPF. - The foregoing devices may collaborate with each other to implement the method for providing a restricted service provided in the embodiments of this application, for example, the method provided in any embodiment shown in
FIG. 12 to FIG. 15 . - Further, the communications system may further include the communications device (the communications device may be an AMF) shown in
FIG. 21 . The communications device shown inFIG. 21 and the foregoing devices collaborate with each other to implement the method for providing a restricted service provided in the embodiments of this application. For example, the method provided in any of the embodiments shown inFIG. 16 to FIG. 18 . - The foregoing descriptions about implementations allow a person skilled in the art to understand that, for ease of description and brevity, division of the foregoing functional modules is used as an example for illustration. In an actual application, the foregoing functions may be allocated to different functional modules and implemented as required, in other words, an inner structure of an apparatus is divided into different functional modules to implement all or some of the functions described above.
- In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the described apparatus embodiment is merely an example. For example, division into the modules or units is merely logical function division and may be other division in an actual implementation. For example, a plurality of units or components may be combined or integrated into another apparatus, or some features may be ignored or not performed. In addition, the displayed or discussed mutual couplings or direct couplings or communication connections may be implemented by using some interfaces. The indirect couplings or communication connections between the apparatuses or units may be implemented in electronic, mechanical, or other forms.
- The units described as separate parts may or may not be physically separate, and parts displayed as units may be one or more physical units, may be located in one place, or may be distributed on different places. Some or all of the units may be selected based on actual requirements to achieve the objectives of the solutions of the embodiments.
- In addition, functional units in the embodiments of this application may be integrated into one processing unit, or each of the units may exist alone physically, or two or more units are integrated into one unit. The integrated unit may be implemented in a form of hardware, or may be implemented in a form of a software functional unit.
- When the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, the integrated unit may be stored in a readable storage medium. Based on such an understanding, the technical solutions of this application essentially, or the part contributing to the prior art, or all or some of the technical solutions may be implemented in the form of a software product. The software product is stored in a storage medium and includes several instructions for instructing a device (which may be a single-chip microcomputer, a chip or the like) or a processor to perform all or some of the steps of the methods described in the embodiments of this application. The foregoing storage medium includes: any medium that can store program code, such as a USB flash drive, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disc.
- The foregoing descriptions are merely specific implementations of this application, but are not intended to restrict the protection scope of this application. Any variation or replacement within the technical scope disclosed in this application shall fall within the protection scope of this application. Therefore, the protection scope of this application shall be subject to the protection scope of the claims.
Claims (49)
- A method for providing a restricted service, wherein the method comprises:receiving, by a policy control function PCF, an identifier of a terminal and indication information, the indication information indicating that the terminal is in a state of exception or indicating an exception type of the terminal; andsending, by the PCF, the identifier of the terminal and a first restricted service policy according to the indication information, wherein the first restricted service policy is used to provide a restricted service for the terminal.
- The method for providing a restricted service according to claim 1, wherein the restricted service comprises one or more of the following:stopping an uplink data flow;restricting a downlink data flow; orstopping an uplink data flow and restricting a downlink data flow.
- The method for providing a restricted service according to claim 2, wherein the sending, by the PCF, the identifier of the terminal and a first restricted service policy comprises:
sending, by the PCF, the identifier of the terminal and the first restricted service policy to a session management function SMF. - The method for providing a restricted service according to claim 1, wherein the restricted service comprises: stopping an uplink data flow; and
the sending, by the PCF, the identifier of the terminal and a first restricted service policy comprises:
sending, by the PCF, the identifier of the terminal and the first restricted service policy to an access and mobility management function AMF. - The method for providing a restricted service according to any one of claims 1 to 4, wherein the receiving, by a policy control function PCF, an identifier of a terminal and indication information comprises:
receiving, by the PCF, the identifier of the terminal and the indication information from a network data analytics function NWDAF, an application function AF, or the SMF. - A method for providing a restricted service, wherein the method comprises:receiving, by a session management function SMF, an identifier of a terminal and a first restricted service policy; andin case that the first restricted service policy is used to stop an uplink data flow of the terminal, sending, by the SMF, a second restricted service policy to the terminal, wherein the second restricted service policy is used to stop the uplink data flow of the terminal; orin case that the first restricted service policy is used to stop an uplink data flow of the terminal, sending, by the SMF, the identifier of the terminal and a third restricted service policy to an access network device, wherein the third restricted service policy is used to stop the uplink data flow of the terminal; orin case that the first restricted service policy is used to restrict a downlink data flow of the terminal, sending, by the SMF, the identifier of the terminal and a fourth restricted service policy to a user plane function UPF, wherein the fourth restricted service policy is used to restrict the downlink data flow of the terminal; orin case that the first restricted service policy is used to stop an uplink data flow of the terminal and restrict a downlink data flow of the terminal, sending, by the SMF, a second restricted service policy to the terminal, or sending the identifier of the terminal and a third restricted service policy to an access network device, and sending the identifier of the terminal and a fourth restricted service policy to a UPF, wherein the second restricted service policy is used to stop the uplink data flow of the terminal, the third restricted service policy is used to stop the uplink data flow of the terminal, and the fourth restricted service policy is used to restrict the downlink data flow of the terminal.
- The method for providing a restricted service according to claim 6, wherein:the second restricted service policy comprises a quality of service QoS rule, and the QoS rule is used to stop an uplink data flow; orthe third restricted service policy comprises a QoS configuration file, and the QoS configuration file is used to stop an uplink data flow; orthe fourth restricted service policy comprises QoS information, and the QoS information is used to restrict a downlink data flow.
- The method for providing a restricted service according to claim 6 or 7, wherein the receiving, by a session management function SMF, an identifier of a terminal and a first restricted service policy comprises:
receiving, by the SMF, the identifier of the terminal and the first restricted service policy from a policy control function PCF, a unified data management UDM, or an access and mobility management function AMF. - The method for providing a restricted service according to claim 8, wherein before the receiving, by the SMF, the identifier of the terminal and the first restricted service policy from a PCF, the method further comprises:receiving, by the SMF, the identifier of the terminal and indication information from the AMF, the indication information indicating that the terminal is in a state of exception or indicating an exception type of the terminal; andsending, by the SMF, the identifier of the terminal and the indication information to the PCF.
- A method for providing a restricted service, wherein the method comprises:receiving, by an access and mobility management function AMF, an identifier of a terminal and a first restricted service policy from a policy control function PCF, wherein the first restricted service policy is used to provide a restricted service for the terminal; andsending, by the AMF, a second restricted service policy to the terminal according to the first restricted service policy, wherein the second restricted service policy is used to stop an uplink data flow of the terminal; orsending, by the AMF, the identifier of the terminal and a third restricted service policy to an access network device according to the first restricted service policy, wherein the third restricted service policy is used to stop an uplink data flow of the terminal.
- The method for providing a restricted service according to claim 10, wherein:the second restricted service policy comprises indication information, and the indication information indicating updating or modifying a UE route selection policy (URSP) threshold value of the terminal to a first value, and the first value is usable for stopping an uplink data flow; orthe third restricted service policy comprises a quality of service QoS configuration file, and the QoS configuration file is usable for stopping an uplink data flow.
- A method for providing a restricted service, wherein the method comprises:determining, by a first network element, that a terminal is in a state of exception; andsending, by the first network element, an identifier of the terminal and indication information to a policy control function PCF, the indication information indicating that the terminal is in the state of exception or indicating an exception type of the terminal.
- The method for providing a restricted service according to claim 12, wherein the determining, by a first network element, that a terminal is in a state of exception comprises:
determining, by the first network element based on traffic information of the terminal, that the terminal is in the state of exception, wherein the traffic information comprises uplink traffic information and/or downlink traffic information. - The method for providing a restricted service according to claim 12 or 13, wherein the exception type comprises one or more of the following:abnormal uplink traffic;abnormal downlink traffic; orabnormal uplink traffic and abnormal downlink traffic.
- The method for providing a restricted service according to any one of claims 12 to14, wherein the first network element is a network data analytics function NWDAF or an application function AF.
- A method for providing a restricted service, wherein the method comprises:receiving, by a unified data management UDM, an identifier of a terminal and a first restricted service policy from an application function AF, wherein the first restricted service policy is used to provide a restricted service for the terminal; andsending, by the UDM, the identifier of the terminal and the first restricted service policy to an access and mobility management function AMF or a session management function SMF.
- The method for providing a restricted service according to claim 16, wherein the restricted service comprises one or more of the following:stopping an uplink data flow;restricting a downlink data flow; orstopping an uplink data flow and restricting a downlink data flow.
- A method for providing a restricted service, wherein the method comprises:determining, by an application function AF, that a terminal is in a state of exception and a restricted service policy corresponding to an exception, wherein the restricted service policy corresponding to the exception is used to provide a restricted service for the terminal; andsending, by the AF, the identifier of the terminal and the restricted service policy corresponding to the exception to a unified data management UDM.
- The method for providing a restricted service according to claim 18, wherein the determining, by an application function AF, that a terminal is in a state of exception comprises:
determining, by the AF based on the traffic information of the terminal, that the terminal is in the state of exception, wherein the traffic information comprises uplink traffic information and/or downlink traffic information. - The method for providing a restricted service according to claim 18 or 19, wherein the restricted service comprises one or more of the following:stopping an uplink data flow;restricting a downlink data flow; orstopping an uplink data flow and restricting a downlink data flow.
- A communications device, comprising:a receiving unit, configured to receive an identifier of a terminal and indication information, the indication information indicating that the terminal is in a state of exception or indicating an exception type of the terminal; anda sending unit, configured to send the identifier of the terminal and a first restricted service policy according to the indication information received by the receiving unit, wherein the first restricted service policy is used to provide a restricted service for the terminal.
- The communications device according to claim 21, wherein the restricted service comprises one or more of the following:stopping an uplink data flow;restricting a downlink data flow; orstopping an uplink data flow and restricting a downlink data flow.
- The communications device according to claim 22, wherein the sending unit is specifically configured to:
send the identifier of the terminal and the first restricted service policy to a session management function SMF. - The communications device according to claim 21, wherein the restricted service comprises: stopping an uplink data flow; and
the sending unit is specifically configured to send the identifier of the terminal and the first restricted service policy to an access and mobility management function AMF. - The communications device according to any one of claims 21 to 24, wherein the receiving unit is specifically configured to:
receive the identifier of the terminal and the indication information from a network data analytics function NWDAF, an application function AF, or the SMF. - A communications device, comprising:a receiving unit, configured to receive an identifier of a terminal and a first restricted service policy; anda sending unit, configured to: in case that the first restricted service policy received by the receiving unit is used to stop an uplink data flow of the terminal, send a second restricted service policy to the terminal, wherein the second restricted service policy is used to stop the uplink data flow of the terminal; or in case that the first restricted service policy received by the receiving unit is used to stop an uplink data flow of the terminal, send an identifier of the terminal and a third restricted service policy to an access network device, wherein the third restricted service policy is used to stop the uplink data flow of the terminal; or in case that the first restricted service policy received by the receiving unit is used to restrict a downlink data flow of the terminal, send an identifier of the terminal and a fourth restricted service policy to a user plane function UPF, wherein the fourth restricted service policy is used to restrict the downlink data flow of the terminal; or in case that the first restricted service policy received by the receiving unit is used to stop an uplink data flow of the terminal and restrict a downlink data flow of the terminal, send a second restricted service policy to the terminal, or send an identifier of the terminal and a third restricted service policy to an access network device, and send the identifier of the terminal and a fourth restricted service policy to the UPF, wherein the second restricted service policy is used to stop the uplink data flow of the terminal, the third restricted service policy is used to stop the uplink data flow of the terminal, and the fourth restricted service policy is used to restrict the downlink data flow of the terminal.
- The communications device according to claim 26, wherein:the second restricted service policy comprises a quality of service QoS rule, and the QoS rule is used to stop an uplink data flow; orthe third restricted service policy comprises a QoS configuration file, and the QoS configuration file is used to stop an uplink data flow; orthe fourth restricted service policy comprises QoS information, and the QoS information is used to restrict a downlink data flow.
- The communications device according to claim 26 or 27, wherein the receiving unit is specifically configured to:
receive the identifier of the terminal and the first restricted service policy from a policy control function PCF, a unified data management UDM, or an access and mobility management function AMF. - The communications device according to claim 28, wherein:the receiving unit is further configured to receive the identifier of the terminal and indication information from the AMF, the indication information indicating that the terminal is in a state of exception or indicating an exception type of the terminal; andthe sending unit is further configured to send the identifier of the terminal and the indication information to the PCF.
- A communications device, comprising:a receiving unit, configured to receive an identifier of a terminal and a first restricted service policy from a policy control function PCF, wherein the first restricted service policy is used to provide a restricted service for the terminal; anda sending unit, configured to send a second restricted service policy to the terminal according to the first restricted service policy, wherein the second restricted service policy is used to stop an uplink data flow of the terminal; or send the identifier of the terminal and a third restricted service policy to an access network device according to the first restricted service policy, wherein the third restricted service policy is used to stop an uplink data flow of the terminal.
- The communications device according to claim 30, wherein:the second restricted service policy comprises indication information, and the indication information indicating updating or modifying a UE route selection policy (URSP) threshold value of the terminal to a first value, and the first value is usable for stopping an uplink data flow; orthe third restricted service policy comprises a quality of service QoS configuration file, and the QoS configuration file is usable for stopping an uplink data flow.
- A communications device, comprising:a determining unit, configured to determine that a terminal is in a state of exception; anda sending unit, configured to send an identifier of the terminal and indication information to a policy control function PCF, the indication information indicating that the terminal is in the state of exception or indicating an exception type of the terminal.
- The communications device according to claim 32, wherein the determining unit is specifically configured to:
determine, based on traffic information of the terminal, that the terminal is in the state of exception, wherein the traffic information comprises uplink traffic information and/or downlink traffic information. - The communications device according to claim 32 or 33, wherein the exception type comprises one or more of the following:abnormal uplink traffic;abnormal downlink traffic; andabnormal uplink traffic and abnormal downlink traffic.
- The communications device according to any one of claims 32 to 34, wherein the communications device is a network data analytics function NWDAF or an application function AF.
- A communications device, comprising:a receiving unit, configured to receive an identifier of a terminal and a first restricted service policy from an application function AF, wherein the first restricted service policy is used to provide a restricted service for the terminal; anda sending unit, configured to send the identifier of the terminal and the first restricted service policy to an access and mobility management function AMF or a session management function SMF.
- The communications device according to claim 36, wherein the restricted service comprises one or more of the following:stopping an uplink data flow;restricting a downlink data flow; orstopping an uplink data flow and restricting a downlink data flow.
- A communications device, comprising:a determining unit, configured to determine that a terminal is in a state of exception and a restricted service policy corresponding to an exception, wherein the restricted service policy corresponding to the exception is used to provide a restricted service for the terminal; anda sending unit, configured to send to a unified data management UDM, the identifier of the terminal and the restricted service policy that is corresponding to the exception and that is determined by the determining unit.
- The communications device according to claim 38, wherein the determining unit is specifically configured to:
determine, based on the traffic information of the terminal, that the terminal is in the state of exception, wherein the traffic information comprises uplink traffic information and/or downlink traffic information. - The communications device according to claim 38 or 39, wherein the restricted service comprises one or more of the following:stopping an uplink data flow;restricting a downlink data flow; orstopping an uplink data flow and restricting a downlink data flow.
- A communications system, comprising: a policy control function PCF and a session management function SMF, wherein:the PCF is configured to: receive an identifier of a terminal and indication information, and send the identifier of the terminal and a first restricted service policy according to the indication information, the indication information indicating that the terminal is in a state of exception or indicating an exception type of the terminal, and the first restricted service policy is used to provide a restricted service for the terminal; andthe SMF is configured to: receive the identifier of the terminal and the first restricted service policy, and send, to a communications device according to the first restricted service policy, a restricted service policy of the terminal corresponding to the communications device.
- The communications systems according to claim 41, wherein the communications system further comprises: a first network element; and
the first network element is configured to determine that the terminal is in the state of exception, and send the identifier of the terminal and the indication information to the PCF. - The communications system according to claim 42, wherein the first network element is a network data analytics function NWDAF or an application function AF.
- The communications system according to any one of claims 41 to 43, wherein that the SMF is configured to send, to a communications device according to the first restricted service policy, a restricted service policy of the terminal comprises:in case that the first restricted service policy is used to stop an uplink data flow of the terminal, the SMF is configured to send a second restricted service policy to the terminal, wherein the second restricted service policy is used to stop the uplink data flow of the terminal; orin case that the first restricted service policy is used to stop an uplink data flow of the terminal, the SMF is configured to send the identifier of the terminal and a third restricted service policy to an access network device, wherein the third restricted service policy is used to stop the uplink data flow of the terminal; orin case that the first restricted service policy is used to restrict a downlink data flow of the terminal, the SMF is configured to send the identifier of the terminal and a fourth restricted service policy to a user plane function UPF, wherein the fourth restricted service policy is used to restrict a downlink data flow of the terminal; orin case that the first restricted service policy is used to stop an uplink data flow of the terminal and restrict a downlink data flow of the terminal, the SMF is configured to: send a second restricted service policy to the terminal, or send the identifier of the terminal and a third restricted service policy to an access network device, and send the identifier of the terminal and a fourth restricted service policy to the UPF, wherein the second restricted service policy is used to stop the uplink data flow of the terminal, the third restricted service policy is used to stop the uplink data flow of the terminal, and the fourth restricted service policy is used to restrict the downlink data flow of the terminal.
- The communications system according to claim 44, wherein in case that the first restricted service policy is used to stop an uplink data flow of the terminal, the communications system further comprises the terminal; and
the terminal is configured to receive the second restricted service policy. - A communications system, comprising: a first network element and a policy control function PCF, wherein:the first network element is configured to determine that a terminal is in a state of exception, and send an identifier of the terminal and indication information to the PCF, wherein the indication information indicating that the terminal is in the state of exception or indicating an exception type of the terminal; andthe PCF is configured to: receive the identifier of the terminal and the indication information, and send the identifier of the terminal and a first restricted service policy according to the indication information, wherein the first restricted service policy is used to provide a restricted service for the terminal.
- The communications system according to claim 46, wherein the first network element is a network data analytics function NWDAF or an application function AF.
- The communications system according to claim 46 or 47, wherein the first network element is further configured to:
determine, based on the traffic information of the terminal, that the terminal is in the state of exception, wherein the traffic information comprises uplink traffic information and/or downlink traffic information. - The communications system according to any one of claims 46 to 48, wherein the restricted service comprises one or more of the following:stopping an uplink data flow;restricting a downlink data flow; orstopping an uplink data flow and restricting a downlink data flow.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810627352.8A CN110602735B (en) | 2018-06-13 | 2018-06-13 | Method for providing limited service and communication equipment |
PCT/CN2019/091145 WO2019238097A1 (en) | 2018-06-13 | 2019-06-13 | Method for providing restricted service and communication device |
Publications (3)
Publication Number | Publication Date |
---|---|
EP3800927A1 true EP3800927A1 (en) | 2021-04-07 |
EP3800927A4 EP3800927A4 (en) | 2021-12-08 |
EP3800927B1 EP3800927B1 (en) | 2023-06-07 |
Family
ID=68841886
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP19819529.9A Active EP3800927B1 (en) | 2018-06-13 | 2019-06-13 | Restricted service based on exception type of a terminal |
Country Status (5)
Country | Link |
---|---|
US (2) | US11848963B2 (en) |
EP (1) | EP3800927B1 (en) |
CN (1) | CN110602735B (en) |
BR (1) | BR112020025388A2 (en) |
WO (1) | WO2019238097A1 (en) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113206814B (en) * | 2020-01-31 | 2022-11-18 | 华为技术有限公司 | Network event processing method and device and readable storage medium |
CN117395694A (en) * | 2020-05-22 | 2024-01-12 | 华为技术有限公司 | Communication method, device and system |
CN114079992B (en) * | 2020-08-13 | 2024-08-02 | 阿里巴巴集团控股有限公司 | Network switching method, user equipment, network entity and storage medium |
CN114531681A (en) * | 2020-10-30 | 2022-05-24 | 华为技术有限公司 | Abnormal terminal control method and device |
CN112804716B (en) * | 2020-12-29 | 2023-04-28 | 联想未来通信科技(重庆)有限公司 | Configuration method and device of data limit value and storage medium |
CN116208306A (en) * | 2021-11-30 | 2023-06-02 | 中兴通讯股份有限公司 | Abnormal signaling management and control method and device, electronic equipment and storage medium |
US20230308467A1 (en) * | 2022-03-24 | 2023-09-28 | At&T Intellectual Property I, L.P. | Home Gateway Monitoring for Vulnerable Home Internet of Things Devices |
Family Cites Families (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9288078B2 (en) | 2005-03-25 | 2016-03-15 | Qualcomm Incorporated | Apparatus and methods for managing content exchange on a wireless device |
EP2548388A4 (en) * | 2010-03-15 | 2017-08-02 | Tekelec, Inc. | Methods, systems, and computer readable media for communicating policy information between a policy charging and rules function and a service node |
CN102457938B (en) * | 2010-10-18 | 2016-03-30 | 中兴通讯股份有限公司 | The method and system of terminal access restriction |
US8873753B2 (en) * | 2012-08-27 | 2014-10-28 | Verizon Patent And Licensing Inc. | Analysis of network operation |
CN102882712B (en) * | 2012-09-17 | 2019-02-19 | 中兴通讯股份有限公司 | The control method of network strategy, apparatus and system |
CN102868444B (en) * | 2012-10-10 | 2015-06-17 | 刘俊 | Communication data extraction device and method of passive optical network |
WO2015133754A1 (en) | 2014-03-07 | 2015-09-11 | 엘지전자 주식회사 | Method and apparatus for managing qos in wireless communication system |
US9900911B2 (en) | 2015-05-15 | 2018-02-20 | Mediatek Inc. | QoS provisioning for LTE-WLAN aggregation |
CN105163335B (en) * | 2015-07-31 | 2019-04-26 | 腾讯科技(深圳)有限公司 | A kind of network access management method, server, mobile terminal and system |
US10237795B2 (en) | 2015-10-11 | 2019-03-19 | Qualcomm Incorporated | Evolved packet data gateway (EPDG) reselection |
CN105721506B (en) * | 2016-04-19 | 2021-03-16 | 北京小米移动软件有限公司 | Method, device and system for account number theft prevention |
CN106028356A (en) * | 2016-07-05 | 2016-10-12 | 上海斐讯数据通信技术有限公司 | Wireless access equipment processing method and system |
CN106331184B (en) * | 2016-12-01 | 2020-01-31 | 网宿科技股份有限公司 | Internet-based big data distribution method and distribution platform |
WO2020139696A1 (en) * | 2018-12-28 | 2020-07-02 | Weihua Qiao | Restrict services and policy control for always-on pdu session |
US11729737B2 (en) * | 2020-02-11 | 2023-08-15 | Nokia Technologies Oy | Methods, apparatuses, and computer program products for handling emergency services in private networks |
-
2018
- 2018-06-13 CN CN201810627352.8A patent/CN110602735B/en active Active
-
2019
- 2019-06-13 WO PCT/CN2019/091145 patent/WO2019238097A1/en unknown
- 2019-06-13 EP EP19819529.9A patent/EP3800927B1/en active Active
- 2019-06-13 BR BR112020025388-0A patent/BR112020025388A2/en unknown
-
2020
- 2020-12-14 US US17/120,720 patent/US11848963B2/en active Active
-
2023
- 2023-11-22 US US18/517,924 patent/US20240089299A1/en active Pending
Also Published As
Publication number | Publication date |
---|---|
US20210099493A1 (en) | 2021-04-01 |
US20240089299A1 (en) | 2024-03-14 |
CN110602735A (en) | 2019-12-20 |
US11848963B2 (en) | 2023-12-19 |
BR112020025388A2 (en) | 2021-03-09 |
WO2019238097A1 (en) | 2019-12-19 |
EP3800927A4 (en) | 2021-12-08 |
CN110602735B (en) | 2021-06-29 |
EP3800927B1 (en) | 2023-06-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3800927B1 (en) | Restricted service based on exception type of a terminal | |
US10779195B2 (en) | Information transmission method and apparatus | |
KR102469191B1 (en) | Information transmission method and device, computer readable storage medium | |
EP3981190B1 (en) | Method and apparatus for enforcement of maximum number of protocol data unit sessions per network slice in a communication system | |
WO2018045877A1 (en) | Network slicing control method and related device | |
US9100242B2 (en) | System and method for maintaining captive portal user authentication | |
US11805394B2 (en) | Context management method and apparatus | |
EP3648506A1 (en) | Method, device and system for activating session | |
CN109391603B (en) | Data integrity protection method and device | |
EP3987881B1 (en) | Method and apparatus for admission control of sessions based on priority | |
JP2020511083A (en) | Service quality control method and device, SMF, UPF, UE, PCF and AN | |
EP4192111A1 (en) | Relay management method and communication apparatus | |
US20120026961A1 (en) | Network management system | |
WO2019096306A1 (en) | Request processing method, and corresponding entity | |
EP3687135A1 (en) | Device monitoring, and deregistration method and apparatus | |
CN112087777B (en) | MDBV (minimum drive buffer volume) determination method, device and system | |
WO2021227600A1 (en) | Network slice control method and communication apparatus | |
WO2024051313A1 (en) | Communication resource management method, apparatus and system, and storage medium | |
US20160073266A1 (en) | Resources in a Communication System | |
CN117528629A (en) | Communication method, device and system | |
CN117478431B (en) | Industrial Internet of things control method based on trusted network | |
WO2023184462A1 (en) | Dedicated mbr configuration for network slice in communication networks | |
WO2024032603A1 (en) | Communication method and apparatus | |
EP4068820A1 (en) | Communication method and communication apparatus | |
WO2021056449A1 (en) | Session switching method, apparatus and related device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
17P | Request for examination filed |
Effective date: 20201229 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME |
|
DAV | Request for validation of the european patent (deleted) | ||
DAX | Request for extension of the european patent (deleted) | ||
A4 | Supplementary search report drawn up and despatched |
Effective date: 20211108 |
|
RIC1 | Information provided on ipc code assigned before grant |
Ipc: H04L 12/24 20060101ALN20211102BHEP Ipc: H04W 88/14 20090101ALN20211102BHEP Ipc: H04W 24/04 20090101AFI20211102BHEP |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
17Q | First examination report despatched |
Effective date: 20220721 |
|
REG | Reference to a national code |
Ref document number: 602019030622 Country of ref document: DE Ref country code: DE Ref legal event code: R079 Free format text: PREVIOUS MAIN CLASS: H04W0024040000 Ipc: H04L0009400000 |
|
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: GRANT OF PATENT IS INTENDED |
|
RIC1 | Information provided on ipc code assigned before grant |
Ipc: H04W 88/14 20090101ALN20221214BHEP Ipc: H04W 12/12 20210101ALN20221214BHEP Ipc: H04L 41/0894 20220101ALN20221214BHEP Ipc: H04W 24/04 20090101ALN20221214BHEP Ipc: H04L 9/40 20220101AFI20221214BHEP |
|
RIC1 | Information provided on ipc code assigned before grant |
Ipc: H04W 88/14 20090101ALN20221220BHEP Ipc: H04W 12/12 20210101ALN20221220BHEP Ipc: H04L 41/0894 20220101ALN20221220BHEP Ipc: H04W 24/04 20090101ALN20221220BHEP Ipc: H04L 9/40 20220101AFI20221220BHEP |
|
INTG | Intention to grant announced |
Effective date: 20230118 |
|
GRAS | Grant fee paid |
Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
|
GRAA | (expected) grant |
Free format text: ORIGINAL CODE: 0009210 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE PATENT HAS BEEN GRANTED |
|
AK | Designated contracting states |
Kind code of ref document: B1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
REG | Reference to a national code |
Ref country code: GB Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: EP Ref country code: AT Ref legal event code: REF Ref document number: 1578062 Country of ref document: AT Kind code of ref document: T Effective date: 20230615 Ref country code: DE Ref legal event code: R096 Ref document number: 602019030622 Country of ref document: DE |
|
P01 | Opt-out of the competence of the unified patent court (upc) registered |
Effective date: 20230524 |
|
REG | Reference to a national code |
Ref country code: LT Ref legal event code: MG9D |
|
REG | Reference to a national code |
Ref country code: NL Ref legal event code: MP Effective date: 20230607 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230607 Ref country code: NO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230907 Ref country code: ES Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230607 |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: MK05 Ref document number: 1578062 Country of ref document: AT Kind code of ref document: T Effective date: 20230607 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: RS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230607 Ref country code: NL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230607 Ref country code: LV Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230607 Ref country code: LT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230607 Ref country code: HR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230607 Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230908 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: FI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230607 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230607 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20231007 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SM Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230607 Ref country code: SK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230607 Ref country code: RO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230607 Ref country code: PT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20231009 Ref country code: IS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20231007 Ref country code: EE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230607 Ref country code: CZ Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230607 Ref country code: AT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230607 |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: PL |
|
REG | Reference to a national code |
Ref country code: BE Ref legal event code: MM Effective date: 20230630 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: PL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230607 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LU Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20230613 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R097 Ref document number: 602019030622 Country of ref document: DE |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MC Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230607 |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: MM4A |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MC Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230607 Ref country code: LU Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20230613 |
|
PLBE | No opposition filed within time limit |
Free format text: ORIGINAL CODE: 0009261 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20230613 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20230613 Ref country code: DK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230607 Ref country code: CH Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20230630 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230607 |
|
26N | No opposition filed |
Effective date: 20240308 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230607 Ref country code: IT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230607 Ref country code: BE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20230630 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: GB Payment date: 20240502 Year of fee payment: 6 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: DE Payment date: 20240502 Year of fee payment: 6 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: FR Payment date: 20240509 Year of fee payment: 6 |